Title: ³×À̹ö ¸ÞÀÏ
 |
|
|
ÀÌ°øº¹ (kongbok) ´Ô²² º¸³»½Å ¸ÞÀÏ <¸ÞÀÏ Àü¼Û ½ÇÆÐ ¾Ë¸² <[EMAIL PROTECTED]>>
ÀÌ ´ÙÀ½°ú °°Àº ÀÌÀ¯·Î Àü¼Û ½ÇÆÐÇß½À´Ï´Ù.
|
| -------------------------------------------- |
|
|
¼ö½ÅÀÚÀÇ ¸ÞÀÏ º¸°ü ¿ë·®ÀÌ °¡µæÂ÷ ÀÖ½À´Ï´Ù. ³ªÁß¿¡ ´Ù½Ã ½ÃµµÇϽʽÿÀ.
|
|
| -------------------------------------------- |
|
Title: ³×À̹ö ¸ÞÀÏ
|
|
|
ÀÌ°øº¹ (kongbok) ´Ô²² º¸³»½Å ¸ÞÀÏ <¸ÞÀÏ Àü¼Û ½ÇÆÐ ¾Ë¸² <[EMAIL PROTECTED]>>
ÀÌ ´ÙÀ½°ú °°Àº ÀÌÀ¯·Î Àü¼Û ½ÇÆÐÇß½À´Ï´Ù.
|
| -------------------------------------------- |
|
|
¼ö½ÅÀÚÀÇ ¸ÞÀÏ º¸°ü ¿ë·®ÀÌ °¡µæÂ÷ ÀÖ½À´Ï´Ù. ³ªÁß¿¡ ´Ù½Ã ½ÃµµÇϽʽÿÀ.
|
|
| -------------------------------------------- |
|
Title: ³×À̹ö ¸ÞÀÏ
|
|
|
ÀÌ°øº¹ (kongbok) ´Ô²² º¸³»½Å ¸ÞÀÏ <¸ÞÀÏ Àü¼Û ½ÇÆÐ ¾Ë¸² <[EMAIL PROTECTED]>>
ÀÌ ´ÙÀ½°ú °°Àº ÀÌÀ¯·Î Àü¼Û ½ÇÆÐÇß½À´Ï´Ù.
|
| -------------------------------------------- |
|
|
¼ö½ÅÀÚÀÇ ¸ÞÀÏ º¸°ü ¿ë·®ÀÌ °¡µæÂ÷ ÀÖ½À´Ï´Ù. ³ªÁß¿¡ ´Ù½Ã ½ÃµµÇϽʽÿÀ.
|
|
| -------------------------------------------- |
|
Title: ³×À̹ö ¸ÞÀÏ
|
|
|
ÀÌ°øº¹ (kongbok) ´Ô²² º¸³»½Å ¸ÞÀÏ <Re: unable to configure form-based authentication correctly>
ÀÌ ´ÙÀ½°ú °°Àº ÀÌÀ¯·Î Àü¼Û ½ÇÆÐÇß½À´Ï´Ù.
|
| -------------------------------------------- |
|
|
¼ö½ÅÀÚÀÇ ¸ÞÀÏ º¸°ü ¿ë·®ÀÌ °¡µæÂ÷ ÀÖ½À´Ï´Ù. ³ªÁß¿¡ ´Ù½Ã ½ÃµµÇϽʽÿÀ.
|
|
| -------------------------------------------- |
|
Humphrey,
I compared your descriptors with the ones I have in my own
app and found just a few differences that might suggest changes you
can try to get this working:
1. I defined the security roles in both application.xml and web.xml,
not web.xml alone.
2. My protected URL is in a subdirectory, so it's: /protected/* rather
than /*. If you really want everything protected, try omitting the
leading
slash and just use *.
3. I don't specify the http methods in the web-resource-collection tag.
4. My security-role-mapping tags in the orion-application.xml are not
nested in the namespace-access tag. Instead, I have them nested directly
under the orion-application tag.
I'm a UserManager of my own design rather than the one that Orion
supplies, but that shouldn't make any difference.
Hope that helps.
Gordon.
----- Original Message -----
From: Humphrey Sheil <[EMAIL PROTECTED]>
To: Orion-Interest <[EMAIL PROTECTED]>
Sent: Monday, May 14, 2001 10:20 AM
Subject: unable to configure form-based authentication correctly
> Hi
>
> I am unable to achieve a basic goal with orion: to force form-based
> authentication using the simplest form of authentication (userids and
> passwords stored in principals.xml).
>
> I have read all the posts on this subject on the mailing list, but to no
> avail. I also tried the security primer on jollem.com, but the author of
> this primer told me that this tutorial is not yet working. I also saw the
> posts by Bill Winspure on Fri, 11 May 2001, but the mail archive hasn't
got
> the zip file attached to the mail.
>
> My application works fine without authentication, so there are no other
> non-security related things affecting this.
>
> My procedure to add form-based auth.
> ====================================
>
> 1. I add three new attributes to my web.xml:
>
> <!-- attribute 1. declare the role I want to access my pages -->
>
> <security-role>
> <role-name>r_user</role-name>
> </security-role>
>
>
> <!-- attribute 2. now tell the container what and how I want
protected -->
> <!-- note that the role-name attribute matches my security-role attribute
> above -->
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/*</url-pattern>
> <!-- If you list http methods, only those methods are
protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>r_user</role-name>
> </auth-constraint>
> </security-constraint>
>
>
>
> <!-- attribute 3. let the container know that I want to use
form-based
> auth., and redirect to login.jsp -->
> <!-- the form in login.jsp conforms to the servlet 2.2 spec. naming
> conventions -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>login.jsp</form-login-page>
> <form-error-page>error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
>
> 2. I edited the principals.xml contained in $ORION_HOME/config to contain
> my user and group:
>
>
> <group name="g_user"/>
>
>
> <user username="testuser" password="xxx">
> <group-membership group="g_user" />
> </user>
>
>
> 3. I built and deployed the application at this point, and started orion
> server (with a fresh application-deployment directory).
>
>
> Next, I went to my application sub-directory under
> $ORION_HOME/application-deployments.
>
> Here I edited orion-application.xml and added two security-role-mapping
> attributes, one each in the read-access and write-access sections as
> follows:
>
>
> <namespace-access>
> <read-access>
> <namespace-resource root="">
> <security-role-mapping
> name="<jndi-user-role>">
> <group name="administrators" />
> </security-role-mapping>
> <security-role-mapping name="<r_user>">
> <group name="g_user" />
> </security-role-mapping>
> </namespace-resource>
> </read-access>
> <write-access>
> <namespace-resource root="">
> <security-role-mapping
> name="<jndi-user-role>">
> <group name="administrators" />
> </security-role-mapping>
> <security-role-mapping name="<r_user>">
> <group name="g_user" />
> </security-role-mapping>
> </namespace-resource>
> </write-access>
>
>
> (notes: I tried this with and without the < >. I also tried adding
> just one security-role-mapping).
>
>
>
> The form-based auth. still does not work. I am presented with the login
> form correctly when I try to access a protected resource, but my username
> and password is always rejected.
>
> Is this functionality working in orion server 1.4.5?
>
> What have I missed in my steps above?
>
> Has anybody gotten this to work?
>
>
> Thanks in advance
>
> Humphrey
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>
