Thanks Brian.
Yup, authentication probably does need that <login-config tag>, aargh !
However, I must have other problems because Orion continues to blithely
respond to my supposedly protected URL without a hint of an authentication
dialog. I'll experiment further.
Bill.
----- Original Message -----
From: "Brian Adair" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Monday, May 07, 2001 7:34 PM
Subject: Re: Basic Authentication
> Bill,
>
> Looks like your missing the <login-config> element in web.xml. Try this:
>
> <web-app>
> ...
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Head Count Application</realm-name>
> </login-config>
>
> ...
> </web-app>
>
> --
> Brian Adair
> Software Developer
> Telepak.net
> http://www.telepak.net
>
>
> > Bill Winspur wrote:
> >
> > I want to implement basic authentication and used the primer at
> > http://www.jollem.com/~ernst/orion-security-primer/
> > as a guide, but have not managed to password protect page one so far.
> > The URL I'm trying to protect responds normally with no login dialog
> > being presented, i.e. my security constraints are apparently
> > malformed, and are being ignored.
> >
> > The primer shows how:
> > a) users are assigned to groups (<user>, principals.xml),
> > b) how <security-role>'s are defined by a web app (<security-role>,
> > web.xml).
> > c) how <web-resource-collection>'s are defined and
> > d) and how the role a permitted user must have to access a resource
> > is bound to the resource (<security-constraint>, web.xml).
> >
> > However, the primer does not show the xml to assign roles to groups,
> > although it asserts that this needs to be done: A security role is
> > mapped to users indirectly, via user groups.
> >
> > Should group/security-role binding be done via the
> > <security-role-mapping> tag in orion-application.xml, or is there some
> > other linkage I am unaware of ?
> >
> > I inserted the following in the orion-application.xml, after
> > deployment:
> >
> > <security-role-mapping impliesAll="true" name="sr_headcounter">
> > <group name="gr_headcounters" />
> > </security-role-mapping>
> >
> > but it made no difference to my test case. The authentication dialog
> > did not appear. I have appended content of the relevant xml files from
> > my test case below, and the ear is atached). If anyone can shed any
> > light on why I cannot trigger authentication, much TIA. I'm running
> > NT4 sp6, JDK1.2.2, Orion 1.4.5, and IE 5.00. IE's user authentication
> > option is set to Automatic logon only in Intranet zone. I'm signed on
> > to NT under a user-id that should not be able to load the first (and
> > only) page of the test-case app.
> > ---------------------
> > My principals.xml is as follows:
> >
> > <?xml version="1.0"?>
> > <!DOCTYPE principals PUBLIC
> > "file://Evermind - Orion Principals//"
> > "http://www.orionserver.com/dtds/principals.dtd";
> > >
> >
> > <principals>
> > <groups>
> > <group name="administrators">
> > <description>administrators</description>
> > <permission name="administration" />
> > <permission name="com.evermind.server.AdministrationPermission" />
> > </group>
> > <group name="guests">
> > <description>guests</description>
> > </group>
> > <group name="users">
> > <description>users</description>
> > <permission name="rmi:login" />
> > <permission name="com.evermind.server.rmi.RMIPermission" />
> > </group>
> > <group name="gr_headcounters">
> > <description>users of the headcount application</description>
> > </group>
> > </groups>
> > <users>
> > <user username="admin" password="xxxxxxx">
> > <description>The default administrator</description>
> > <group-membership group="administrators" />
> > <group-membership group="guests" />
> > <group-membership group="users" />
> > </user>
> > <user username="user" password="xxxxxxxx" deactivated="true">
> > <description>The default user</description>
> > <group-membership group="guests" />
> > <group-membership group="users" />
> > </user>
> > <user username="anonymous" password="">
> > <description>The default guest/anonyomous user</description>
> > <group-membership group="guests" />
> > </user>
> > <user username="hcounter" password="xxx">
> > <description>Headcount Joe - a test identity</description>
> > <group-membership group="guests" />
> > <group-membership group="users" />
> > <group-membership group="gr_headcounters" />
> > </user>
> > </users>
> > </principals>
> > -------------------------------
> >
> > my web.xml is as follows:
> >
> > <?xml version="1.0"?>
> > <!DOCTYPE web-app PUBLIC
> > "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";>
> >
> > <web-app>
> > <display-name>Authenticate Web Application</display-name>
> > <servlet>
> >
> > <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
> > <description>Servlet that demands browser
> > credentials</description>
> >
> > <servlet-class>com.allipl.authenticate.FrontServlet</servlet-class>
> > </servlet>
> >
> >
> > <servlet-mapping>
> >
> > <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
> > <!-- url-pattern appears to be relative to the
> > context root specified in config/default-website.xml -->
> > <url-pattern>/</url-pattern>
> > </servlet-mapping>
> >
> > <security-role>
> > <role-name>sr_headcounter</role-name>
> > </security-role>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Front Servlet</web-resource-name>
> > <url-pattern>/</url-pattern>
> > <http-method>*</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>sr_headcounter</role-name>
> > </auth-constraint>
> > </security-constraint>
> >
> > </web-app>
> > ------------------------
> > my app's application.xml
> > <?xml version="1.0"?>
> > <!DOCTYPE application PUBLIC
> > "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN"
> > "http://java.sun.com/j2ee/dtds/application_1_2.dtd";>
> >
> > <application>
> >
> > <display-name>Authentication Experimental
> > Application)</display-name>
> >
> > <module>
> > <web>
> > <web-uri>authenticate-web.war</web-uri>
> > <context-root>/authenticate</context-root>
> > </web>
> > </module>
> >
> > </application>
> >
> > -----------------------------
> > the orion-generated, orion-application.xml:
> >
> > <?xml version="1.0"?>
> > <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application
> > runtime 1.2//EN"
> > "http://www.orionserver.com/dtds/orion-application.dtd";>
> >
> > <orion-application deployment-version="1.4.5">
> > <web-module id="authenticate-web" path="authenticate-web.war" />
> > <security-role-mapping name="authenticate-app-user">
> > </security-role-mapping>
> > <security-role-mapping name="sr_headcounter">
> > <group name="gr_headcounters" />
> > </security-role-mapping>
> > <persistence path="persistence" />
> > <principals path="principals.xml" />
> > <log>
> > <file path="application.log" />
> > </log>
> > <namespace-access>
> > <read-access>
> > <namespace-resource root="">
> > <security-role-mapping name="<jndi-user-role>">
> > <group name="administrators" />
> > </security-role-mapping>
> > </namespace-resource>
> > </read-access>
> > <write-access>
> > <namespace-resource root="">
> > <security-role-mapping name="<jndi-user-role>">
> > <group name="administrators" />
> > </security-role-mapping>
> > </namespace-resource>
> > </write-access>
> > </namespace-access>
> > </orion-application>
> >
> > The lines in red, in the above file, were manually inserted after
> > deployment of the authenticate app, and resulting in an auto deploy.
> >
> > Name: authenticate-eap.ear
> > authenticate-eap.ear Type: unspecified type
> > (application/octet-stream)
> > Encoding: base64
> >
> > Name: FrontServlet.java
> > FrontServlet.java Type: Java Source File
> >
(application/x-unknown-content-type-JCreator.java)
> > Encoding: quoted-printable
>
>
