Bill,

Looks like you're missing the <login-config> element in web.xml. Try this:

<web-app>
...

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Head Count Application</realm-name>
</login-config>

...
</web-app>

-- 
Brian Adair
Software Developer
Telepak.net
http://www.telepak.net


> Bill Winspur wrote:
> 
> I want to implement basic authentication and used the primer at
> http://www.jollem.com/~ernst/orion-security-primer/
> as a guide, but have not managed to password protect page one so far.
> The URL I'm trying to protect responds normally with no login dialog
> being presented, i.e. my security constraints are apparently
> malformed, and are being ignored.
> 
> The primer shows how:
> a) users are assigned to groups (<user>, principals.xml),
> b) how <security-role>'s are defined by a web app (<security-role>,
> web.xml).
> c) how <web-resource-collection>'s are defined and
> d) and how the role a permitted user must have to access a resource
> is bound to the resource (<security-constraint>, web.xml).
> 
> However, the primer does not show the xml to assign roles to groups,
> although it asserts that this needs to be done: A security role is
> mapped to users indirectly, via user groups.
> 
> Should group/security-role binding be done via the
> <security-role-mapping> tag in orion-application.xml, or is there some
> other linkage I am unaware of?
> 
> I inserted the following in the orion-application.xml, after
> deployment:
> 
>     <security-role-mapping impliesAll="true" name="sr_headcounter">
>        <group name="gr_headcounters" />
>     </security-role-mapping>
> 
> but it made no difference to my test case.  The authentication dialog
> did not appear. I have appended content of the relevant xml files from
> my test case below (and the ear is attached). If anyone can shed any
> light on why I cannot trigger authentication, much TIA.  I'm running
> NT4 sp6, JDK1.2.2, Orion 1.4.5, and IE 5.00.  IE's user authentication
> option is set to Automatic logon only in Intranet zone. I'm signed on
> to NT under a user-id that should not be able to load the first (and
> only) page of the test-case app.
> ---------------------
> My principals.xml is as follows:
> 
> <?xml version="1.0"?>
> <!DOCTYPE principals PUBLIC
>  "file://Evermind - Orion Principals//"
>  "http://www.orionserver.com/dtds/principals.dtd"
> >
> 
> <principals>
>  <groups>
>   <group name="administrators">
>    <description>administrators</description>
>    <permission name="administration" />
>    <permission name="com.evermind.server.AdministrationPermission" />
>   </group>
>   <group name="guests">
>    <description>guests</description>
>   </group>
>   <group name="users">
>    <description>users</description>
>    <permission name="rmi:login" />
>    <permission name="com.evermind.server.rmi.RMIPermission" />
>   </group>
>   <group name="gr_headcounters">
>       <description>users of the headcount application</description>
>   </group>
>  </groups>
>  <users>
>   <user username="admin" password="xxxxxxx">
>    <description>The default administrator</description>
>    <group-membership group="administrators" />
>    <group-membership group="guests" />
>    <group-membership group="users" />
>   </user>
>   <user username="user" password="xxxxxxxx" deactivated="true">
>    <description>The default user</description>
>    <group-membership group="guests" />
>    <group-membership group="users" />
>   </user>
>   <user username="anonymous" password="">
>    <description>The default guest/anonyomous user</description>
>    <group-membership group="guests" />
>   </user>
>   <user username="hcounter" password="xxx">
>    <description>Headcount Joe - a test identity</description>
>    <group-membership group="guests" />
>    <group-membership group="users" />
>    <group-membership group="gr_headcounters" />
>   </user>
>  </users>
> </principals>
> -------------------------------
> 
> my web.xml is as follows:
> 
> <?xml version="1.0"?>
> <!DOCTYPE web-app PUBLIC
>  "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
>  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
> 
> <web-app>
>    <display-name>Authenticate Web Application</display-name>
>    <servlet>
> 
> <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
>       <description>Servlet that demands browser
> credentials</description>
> 
> <servlet-class>com.allipl.authenticate.FrontServlet</servlet-class>
>    </servlet>
> 
> 
>    <servlet-mapping>
> 
> <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
>    <!-- url-pattern appears to be relative to the
>         context root specified in config/default-website.xml -->
>       <url-pattern>/</url-pattern>
>    </servlet-mapping>
> 
>   <security-role>
>       <role-name>sr_headcounter</role-name>
>   </security-role>
> 
>   <security-constraint>
>       <web-resource-collection>
>             <web-resource-name>Front Servlet</web-resource-name>
>             <url-pattern>/</url-pattern>
>             <http-method>*</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>             <role-name>sr_headcounter</role-name>
>       </auth-constraint>
>    </security-constraint>
> 
> </web-app>
> ------------------------
> my app's application.xml
> <?xml version="1.0"?>
> <!DOCTYPE application PUBLIC
>  "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN"
>  "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
> 
> <application>
> 
>    <display-name>Authentication Experimental
> Application)</display-name>
> 
>    <module>
>       <web>
>          <web-uri>authenticate-web.war</web-uri>
>          <context-root>/authenticate</context-root>
>       </web>
>    </module>
> 
> </application>
> 
> -----------------------------
> the orion-generated, orion-application.xml:
> 
> <?xml version="1.0"?>
> <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application
> runtime 1.2//EN"
> "http://www.orionserver.com/dtds/orion-application.dtd">
> 
> <orion-application deployment-version="1.4.5">
>  <web-module id="authenticate-web" path="authenticate-web.war" />
>  <security-role-mapping name="authenticate-app-user">
>  </security-role-mapping>
>  <security-role-mapping name="sr_headcounter">
>   <group name="gr_headcounters" />
>  </security-role-mapping>
>  <persistence path="persistence" />
>  <principals path="principals.xml" />
>  <log>
>   <file path="application.log" />
>  </log>
>  <namespace-access>
>   <read-access>
>   <namespace-resource root="">
>    <security-role-mapping name="&lt;jndi-user-role&gt;">
>     <group name="administrators" />
>    </security-role-mapping>
>   </namespace-resource>
>   </read-access>
>   <write-access>
>   <namespace-resource root="">
>    <security-role-mapping name="&lt;jndi-user-role&gt;">
>     <group name="administrators" />
>    </security-role-mapping>
>   </namespace-resource>
>   </write-access>
>  </namespace-access>
> </orion-application>
> 
> The lines in red, in the above file, were manually inserted after
> deployment of the authenticate app, and resulted in an auto deploy.
> 
>                            Name: authenticate-eap.ear
>    authenticate-eap.ear    Type: unspecified type
>                                  (application/octet-stream)
>                        Encoding: base64
> 
>                         Name: FrontServlet.java
>    FrontServlet.java    Type: Java Source File
>                               (application/x-unknown-content-type-JCreator.java)
>                     Encoding: quoted-printable
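
A small check for the configuration chain discussed in this thread (group in principals.xml, role mapping in orion-application.xml, auth-constraint and login-config in web.xml), added here as an example and not part of either poster's message. The descriptors are constructed, trimmed versions of the quoted files, and `audit` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed descriptors modelled on the files quoted in the thread.
WEB_XML = """<web-app>
  <security-role><role-name>sr_headcounter</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
    <auth-constraint><role-name>sr_headcounter</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
LOGIN_CONFIG = ("<login-config><auth-method>BASIC</auth-method>"
                "<realm-name>Head Count Application</realm-name></login-config>")
ORION_APP_XML = """<orion-application>
  <security-role-mapping name="sr_headcounter">
    <group name="gr_headcounters" />
  </security-role-mapping>
</orion-application>"""
PRINCIPALS_XML = """<principals><groups>
  <group name="gr_headcounters" />
</groups></principals>"""

def audit(web_xml, orion_app_xml, principals_xml):
    """Return findings for the group -> role -> constraint -> login chain."""
    web = ET.fromstring(web_xml)
    orion = ET.fromstring(orion_app_xml)
    groups = {g.get("name") for g in ET.fromstring(principals_xml).iter("group")}
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    required = {r.text.strip() for r in
                web.findall("security-constraint/auth-constraint/role-name")}
    mapping = {m.get("name"): {g.get("name") for g in m.findall("group")}
               for m in orion.findall("security-role-mapping")}
    findings = []
    if required and web.find("login-config/auth-method") is None:
        findings.append("auth-constraint present but no <login-config>/<auth-method>")
    for role in sorted(required):
        if role not in declared:
            findings.append(f"role {role} not declared in <security-role>")
        mapped = mapping.get(role, set())
        if not mapped:
            findings.append(f"role {role} mapped to no group")
        for g in sorted(mapped - groups):
            findings.append(f"group {g} missing from principals.xml")
    return findings

# The reply's fix: the same web.xml with the <login-config> element added.
FIXED_WEB_XML = WEB_XML.replace("</web-app>", LOGIN_CONFIG + "\n</web-app>")
```
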
