I've learned how to get basic authentication going, given Brian's
suggestion, and a little more trial and error.

Things that I would like to add to the authentication-primer at jollem (if I
had the time this week) include:

1. You need the <login-config> tag in web.xml.
2. You need the <security-role-mapping> tag in orion-application.xml.
3. I also needed to understand the scope of the url-pattern '/' entered in
web.xml. It protects everything but the root; to protect that too, you need
to enter '*' as the url-pattern. I suppose 'x' means directory x, and 'x\'
means the content of directory x.  In a url-pattern, '*' seems to mean
'whatever the root directory is'.

Given the above and appropriate group and user defns in
orion\config\principals things work OK.

I've attached a zip of my test-app's application's xml files.

Bill.

----- Original Message -----
From: "Bill Winspur" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Sunday, May 06, 2001 11:24 PM
Subject: Re: Basic Authentication


> Thanks Brian.
>
> Yup, authentication probably does need that <login-config tag>, aargh !
> However, I must have other problems because Orion continues to blithely
> respond to my supposedly protected URL without a hint of an authentication
> dialog. I'll experiment further.
>
> Bill.
> ----- Original Message -----
> From: "Brian Adair" <[EMAIL PROTECTED]>
> To: "Orion-Interest" <[EMAIL PROTECTED]>
> Sent: Monday, May 07, 2001 7:34 PM
> Subject: Re: Basic Authentication
>
>
> > Bill,
> >
> > Looks like you're missing the <login-config> element in web.xml. Try this:
> >
> > <web-app>
> > ...
> >
> > <login-config>
> >   <auth-method>BASIC</auth-method>
> >   <realm-name>Head Count Application</realm-name>
> > </login-config>
> >
> > ...
> > </web-app>
> >
> > --
> > Brian Adair
> > Software Developer
> > Telepak.net
> > http://www.telepak.net
> >
> >
> > > Bill Winspur wrote:
> > >
> > > I want to implement basic authentication and used the primer at
> > > http://www.jollem.com/~ernst/orion-security-primer/
> > > as a guide, but have not managed to password protect page one so far.
> > > The URL I'm trying to protect responds normally with no login dialog
> > > being presented, i.e. my security constraints are apparently
> > > malformed, and are being ignored.
> > >
> > > The primer shows how:
> > > a) users are assigned to groups (<user>, principals.xml),
> > > b) how <security-role>'s are defined by a web app (<security-role>,
> > > web.xml).
> > > c) how <web-resource-collection>'s are defined and
> > > d) and how the role a permitted user must have to access a resource
> > > is bound to the resource (<security-constraint>, web.xml).
> > >
> > > However, the primer does not show the xml to assign roles to groups,
> > > although it asserts that this needs to be done: A security role is
> > > mapped to users indirectly, via user groups.
> > >
> > > Should group/security-role binding be done via the
> > > <security-role-mapping> tag in orion-application.xml, or is there some
> > > other linkage I am unaware of ?
> > >
> > > I inserted the following in the orion-application.xml, after
> > > deployment:
> > >
> > >     <security-role-mapping impliesAll="true" name="sr_headcounter">
> > >        <group name="gr_headcounters" />
> > >     </security-role-mapping>
> > >
> > > but it made no difference to my test case.  The authentication dialog
> > > did not appear. I have appended content of the relevant xml files from
> > > my test case below (and the ear is attached). If anyone can shed any
> > > light on why I cannot trigger authentication, much TIA.  I'm running
> > > NT4 sp6, JDK1.2.2, Orion 1.4.5, and IE 5.00.  IE's user authentication
> > > option is set to Automatic logon only in Intranet zone. I'm signed on
> > > to NT under a user-id that should not be able to load the first (and
> > > only) page of the test-case app.
> > > ---------------------
> > > My principals.xml is as follows:
> > >
> > > <?xml version="1.0"?>
> > > <!DOCTYPE principals PUBLIC
> > >  "file://Evermind - Orion Principals//"
> > >  "http://www.orionserver.com/dtds/principals.dtd">
> > >
> > > <principals>
> > >  <groups>
> > >   <group name="administrators">
> > >    <description>administrators</description>
> > >    <permission name="administration" />
> > >    <permission name="com.evermind.server.AdministrationPermission" />
> > >   </group>
> > >   <group name="guests">
> > >    <description>guests</description>
> > >   </group>
> > >   <group name="users">
> > >    <description>users</description>
> > >    <permission name="rmi:login" />
> > >    <permission name="com.evermind.server.rmi.RMIPermission" />
> > >   </group>
> > >   <group name="gr_headcounters">
> > >       <description>users of the headcount application</description>
> > >   </group>
> > >  </groups>
> > >  <users>
> > >   <user username="admin" password="xxxxxxx">
> > >    <description>The default administrator</description>
> > >    <group-membership group="administrators" />
> > >    <group-membership group="guests" />
> > >    <group-membership group="users" />
> > >   </user>
> > >   <user username="user" password="xxxxxxxx" deactivated="true">
> > >    <description>The default user</description>
> > >    <group-membership group="guests" />
> > >    <group-membership group="users" />
> > >   </user>
> > >   <user username="anonymous" password="">
> > >    <description>The default guest/anonyomous user</description>
> > >    <group-membership group="guests" />
> > >   </user>
> > >   <user username="hcounter" password="xxx">
> > >    <description>Headcount Joe - a test identity</description>
> > >    <group-membership group="guests" />
> > >    <group-membership group="users" />
> > >    <group-membership group="gr_headcounters" />
> > >   </user>
> > >  </users>
> > > </principals>
> > > -------------------------------
> > >
> > > my web.xml is as follows:
> > >
> > > <?xml version="1.0"?>
> > > <!DOCTYPE web-app PUBLIC
> > >  "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > >  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
> > >
> > > <web-app>
> > >    <display-name>Authenticate Web Application</display-name>
> > >    <servlet>
> > >       <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
> > >       <description>Servlet that demands browser credentials</description>
> > >       <servlet-class>com.allipl.authenticate.FrontServlet</servlet-class>
> > >    </servlet>
> > >
> > >    <servlet-mapping>
> > >       <servlet-name>com.allipl.authenticate.FrontServlet</servlet-name>
> > >       <!-- url-pattern appears to be relative to the
> > >            context root specified in config/default-website.xml -->
> > >       <url-pattern>/</url-pattern>
> > >    </servlet-mapping>
> > >
> > >   <security-role>
> > >       <role-name>sr_headcounter</role-name>
> > >   </security-role>
> > >
> > >   <security-constraint>
> > >       <web-resource-collection>
> > >             <web-resource-name>Front Servlet</web-resource-name>
> > >             <url-pattern>/</url-pattern>
> > >             <http-method>*</http-method>
> > >       </web-resource-collection>
> > >       <auth-constraint>
> > >             <role-name>sr_headcounter</role-name>
> > >       </auth-constraint>
> > >    </security-constraint>
> > >
> > > </web-app>
> > > ------------------------
> > > my app's application.xml
> > > <?xml version="1.0"?>
> > > <!DOCTYPE application PUBLIC
> > >  "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN"
> > >  "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
> > >
> > > <application>
> > >
> > >    <display-name>Authentication Experimental Application)</display-name>
> > >
> > >    <module>
> > >       <web>
> > >          <web-uri>authenticate-web.war</web-uri>
> > >          <context-root>/authenticate</context-root>
> > >       </web>
> > >    </module>
> > >
> > > </application>
> > >
> > > -----------------------------
> > > the orion-generated, orion-application.xml:
> > >
> > > <?xml version="1.0"?>
> > > <!DOCTYPE orion-application PUBLIC
> > >  "-//Evermind//DTD J2EE Application runtime 1.2//EN"
> > >  "http://www.orionserver.com/dtds/orion-application.dtd">
> > >
> > > <orion-application deployment-version="1.4.5">
> > >  <web-module id="authenticate-web" path="authenticate-web.war" />
> > >  <security-role-mapping name="authenticate-app-user">
> > >  </security-role-mapping>
> > >  <security-role-mapping name="sr_headcounter">
> > >   <group name="gr_headcounters" />
> > >  </security-role-mapping>
> > >  <persistence path="persistence" />
> > >  <principals path="principals.xml" />
> > >  <log>
> > >   <file path="application.log" />
> > >  </log>
> > >  <namespace-access>
> > >   <read-access>
> > >   <namespace-resource root="">
> > >    <security-role-mapping name="&lt;jndi-user-role&gt;">
> > >     <group name="administrators" />
> > >    </security-role-mapping>
> > >   </namespace-resource>
> > >   </read-access>
> > >   <write-access>
> > >   <namespace-resource root="">
> > >    <security-role-mapping name="&lt;jndi-user-role&gt;">
> > >     <group name="administrators" />
> > >    </security-role-mapping>
> > >   </namespace-resource>
> > >   </write-access>
> > >  </namespace-access>
> > > </orion-application>
> > >
> > > The lines in red, in the above file, were manually inserted after
> > > deployment of the authenticate app, and resulting in an auto deploy.
> > >
> > >                            Name: authenticate-eap.ear
> > >    authenticate-eap.ear    Type: unspecified type
> > >                                  (application/octet-stream)
> > >                        Encoding: base64
> > >
> > >                         Name: FrontServlet.java
> > >    FrontServlet.java    Type: Java Source File
> > >                               (application/x-unknown-content-type-JCreator.java)
> > >                     Encoding: quoted-printable
> >
> >
>
>
>
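
An added example, not part of the thread and not Orion's own code: a small Python check of the chain Bill lists at the top (the `<login-config>` in web.xml, the `<security-role-mapping>` in orion-application.xml, and the group and user definitions in principals.xml). The XML samples are constructed, trimmed versions of the files quoted above, the function name `check_auth_chain` is hypothetical, and url-pattern scope is not checked.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the files quoted in this thread.
WEB_XML = """<web-app>
  <security-role><role-name>sr_headcounter</role-name></security-role>
  <security-constraint>
    <web-resource-collection><url-pattern>/</url-pattern></web-resource-collection>
    <auth-constraint><role-name>sr_headcounter</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
ORION_APP_XML = """<orion-application>
  <security-role-mapping name="sr_headcounter">
    <group name="gr_headcounters" />
  </security-role-mapping>
</orion-application>"""
PRINCIPALS_XML = """<principals>
  <groups><group name="gr_headcounters" /></groups>
  <users><user username="hcounter"><group-membership group="gr_headcounters" /></user></users>
</principals>"""

def check_auth_chain(web_xml, orion_app_xml, principals_xml):
    """Return a list of findings; an empty list means the chain is complete."""
    web, app, pri = (ET.fromstring(x) for x in (web_xml, orion_app_xml, principals_xml))
    findings = []
    if web.find("login-config/auth-method") is None:
        findings.append("web.xml: no <login-config>/<auth-method>")
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    # Direct children only: mappings nested under <namespace-access> are skipped.
    mapped = {m.get("name"): {g.get("name") for g in m.findall("group")}
              for m in app.findall("security-role-mapping")}
    groups = {g.get("name") for g in pri.findall("groups/group")}
    populated = {m.get("group") for m in pri.findall("users/user/group-membership")}
    constrained = {r.text.strip() for r in
                   web.findall("security-constraint/auth-constraint/role-name")}
    for role in sorted(constrained):
        if role not in declared:
            findings.append(f"web.xml: role {role} has no <security-role>")
        if not mapped.get(role):
            findings.append(f"orion-application.xml: role {role} maps to no group")
        for g in sorted(mapped.get(role, ())):
            if g not in groups:
                findings.append(f"principals.xml: group {g} is not defined")
            elif g not in populated:
                findings.append(f"principals.xml: group {g} has no users")
    return findings

if __name__ == "__main__":
    print(check_auth_chain(WEB_XML, ORION_APP_XML, PRINCIPALS_XML))
```

Run against the constructed web.xml, which like the originally posted one has no `<login-config>`, the check reports that single finding.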

