Re: unable to configure form-based authentication correctly
Humphrey, I compared your descriptors with the ones I have in my own app and found just a few differences that might suggest changes you can try to get this working: 1. I defined the security roles in both application.xml and web.xml, not web.xml alone. 2. My protected URL is in a subdirectory, so it's: /protected/* rather than /*. If you really want everything protected, try omitting the leading slash and just use *. 3. I don't specify the http methods in the web-resource-collection tag. 4. My security-role-mapping tags in the orion-application.xml are not nested in the namespace-access tag. Instead, I have them nested directly under the orion-application tag. I'm a UserManager of my own design rather than the one that Orion supplies, but that shouldn't make any difference. Hope that helps. Gordon. - Original Message - From: Humphrey Sheil <[EMAIL PROTECTED]> To: Orion-Interest <[EMAIL PROTECTED]> Sent: Monday, May 14, 2001 10:20 AM Subject: unable to configure form-based authentication correctly > Hi > > I am unable to achieve a basic goal with orion: to force form-based > authentication using the simplest form of authentication (userids and > passwords stored in principals.xml). > > I have read all the posts on this subject on the mailing list, but to no > avail. I also tried the security primer on jollem.com, but the author of > this primer told me that this tutorial is not yet working. I also saw the > posts by Bill Winspure on Fri, 11 May 2001, but the mail archive hasn't got > the zip file attached to the mail. > > My application works fine without authentication, so there are no other > non-security related things affecting this. > > My procedure to add form-based auth. > > > 1. I add three new attributes to my web.xml: > > > > >r_user > > > > > > > > > Protected Area > > /* > > DELETE > GET > POST > PUT > > > > r_user > > > > > > > > > FORM > Example Form-Based Authentication Area > > login.jsp > error.jsp > > > > > 2. I edited the principals.xml contained in $ORION_HOME/config to contain > my user and group: > > > > > > > > > > > 3. I built and deployed the application at this point, and started orion > server (with a fresh application-deployment directory). > > > Next, I went to my application sub-directory under > $ORION_HOME/application-deployments. > > Here I edited orion-application.xml and added two security-role-mapping > attributes, one each in the read-access and write-access sections as > follows: > > > > > > name="<jndi-user-role>"> > > > > > > > > > > name="<jndi-user-role>"> > > > > > > > > > > (notes: I tried this with and without the < >. I also tried adding > just one security-role-mapping). > > > > The form-based auth. still does not work. I am presented with the login > form correctly when I try to access a protected resource, but my username > and password is always rejected. > > Is this functionality working in orion server 1.4.5? > > What have I missed in my steps above? > > Has anybody gotten this to work? > > > Thanks in advance > > Humphrey > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > >
SV: unable to configure form-based authentication correctly
Title: SV: unable to configure form-based authentication correctly No, the distinction between groups and roles are correct. The mapping should be in the /deploy-dir/orion-application.xml and map the roles to groups, as done. If you check out the deploy dir of the ATM you will notice that Orion has automatically mapped the role "users" to the group "users" per default. Now, the mapping should look like: You probably want this outside your tag though. WR > -Ursprungligt meddelande- > Från: elephantwalker [mailto:[EMAIL PROTECTED]] > Skickat: den 14 maj 2001 11:15 > Till: Orion-Interest > Ämne: RE: unable to configure form-based authentication correctly > > > AFIK the role name and the group name have to be the same. > You use r_users > and g_users. This could be the problem. ATM app uses role=users and > group=users. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > Humphrey Sheil > Sent: Monday, May 14, 2001 10:20 AM > To: Orion-Interest > Subject: unable to configure form-based authentication correctly > > > Hi > > I am unable to achieve a basic goal with orion: to force form-based > authentication using the simplest form of authentication (userids and > passwords stored in principals.xml). > > I have read all the posts on this subject on the mailing > list, but to no > avail. I also tried the security primer on jollem.com, but > the author of > this primer told me that this tutorial is not yet working. I > also saw the > posts by Bill Winspure on Fri, 11 May 2001, but the mail > archive hasn't got > the zip file attached to the mail. > > My application works fine without authentication, so there > are no other > non-security related things affecting this. > > My procedure to add form-based auth. > > > 1. I add three new attributes to my web.xml: > > > > > r_user > > > > > > > > > Protected Area > > /* > > DELETE > GET > POST > PUT > > > > r_user > > > > > > > > > FORM > Example Form-Based Authentication Area > > login.jsp > error.jsp > > > > > 2. I edited the principals.xml contained in > $ORION_HOME/config to contain > my user and group: > > > > > > > > > > > 3. I built and deployed the application at this point, and > started orion > server (with a fresh application-deployment directory). > > > Next, I went to my application sub-directory under > $ORION_HOME/application-deployments. > > Here I edited orion-application.xml and added two > security-role-mapping > attributes, one each in the read-access and write-access sections as > follows: > > > > > > > name="<jndi-user-role>"> > > > > > > > > > > > name="<jndi-user-role>"> > > > > > > > > > > (notes: I tried this with and without the < >. I also > tried adding > just one security-role-mapping). > > > > The form-based auth. still does not work. I am presented > with the login > form correctly when I try to access a protected resource, but > my username > and password is always rejected. > > Is this functionality working in orion server 1.4.5? > > What have I missed in my steps above? > > Has anybody gotten this to work? > > > Thanks in advance > > Humphrey > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > >
RE: unable to configure form-based authentication correctly
AFIK the role name and the group name have to be the same. You use r_users and g_users. This could be the problem. ATM app uses role=users and group=users. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Humphrey Sheil Sent: Monday, May 14, 2001 10:20 AM To: Orion-Interest Subject: unable to configure form-based authentication correctly Hi I am unable to achieve a basic goal with orion: to force form-based authentication using the simplest form of authentication (userids and passwords stored in principals.xml). I have read all the posts on this subject on the mailing list, but to no avail. I also tried the security primer on jollem.com, but the author of this primer told me that this tutorial is not yet working. I also saw the posts by Bill Winspure on Fri, 11 May 2001, but the mail archive hasn't got the zip file attached to the mail. My application works fine without authentication, so there are no other non-security related things affecting this. My procedure to add form-based auth. 1. I add three new attributes to my web.xml: r_user Protected Area /* DELETE GET POST PUT r_user FORM Example Form-Based Authentication Area login.jsp error.jsp 2. I edited the principals.xml contained in $ORION_HOME/config to contain my user and group: 3. I built and deployed the application at this point, and started orion server (with a fresh application-deployment directory). Next, I went to my application sub-directory under $ORION_HOME/application-deployments. Here I edited orion-application.xml and added two security-role-mapping attributes, one each in the read-access and write-access sections as follows: (notes: I tried this with and without the < >. I also tried adding just one security-role-mapping). The form-based auth. still does not work. I am presented with the login form correctly when I try to access a protected resource, but my username and password is always rejected. Is this functionality working in orion server 1.4.5? What have I missed in my steps above? Has anybody gotten this to work? Thanks in advance Humphrey _ Get your FREE download of MSN Explorer at http://explorer.msn.com
unable to configure form-based authentication correctly
Hi I am unable to achieve a basic goal with orion: to force form-based authentication using the simplest form of authentication (userids and passwords stored in principals.xml). I have read all the posts on this subject on the mailing list, but to no avail. I also tried the security primer on jollem.com, but the author of this primer told me that this tutorial is not yet working. I also saw the posts by Bill Winspure on Fri, 11 May 2001, but the mail archive hasn't got the zip file attached to the mail. My application works fine without authentication, so there are no other non-security related things affecting this. My procedure to add form-based auth. 1. I add three new attributes to my web.xml: r_user Protected Area /* DELETE GET POST PUT r_user FORM Example Form-Based Authentication Area login.jsp error.jsp 2. I edited the principals.xml contained in $ORION_HOME/config to contain my user and group: 3. I built and deployed the application at this point, and started orion server (with a fresh application-deployment directory). Next, I went to my application sub-directory under $ORION_HOME/application-deployments. Here I edited orion-application.xml and added two security-role-mapping attributes, one each in the read-access and write-access sections as follows: (notes: I tried this with and without the < >. I also tried adding just one security-role-mapping). The form-based auth. still does not work. I am presented with the login form correctly when I try to access a protected resource, but my username and password is always rejected. Is this functionality working in orion server 1.4.5? What have I missed in my steps above? Has anybody gotten this to work? Thanks in advance Humphrey _ Get your FREE download of MSN Explorer at http://explorer.msn.com