DEVHIDE
Login Or Sign up

Glassfish basic authentication in REST services

1.5k Views Asked by At

I am trying to make basic authentication in Web Project using Glassfish jdbcRealm.

This is my web.xml authentication part:

<security-constraint>
    <display-name>LoginTestContraint</display-name>
    <web-resource-collection>
        <web-resource-name>Login</web-resource-name>
        <description/>
        <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>UsersRead</role-name>
        <role-name>UsersWrite</role-name>
        <role-name>UsersDelete</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>UsersConstraints</display-name>
    <web-resource-collection>
        <web-resource-name>FindAll</web-resource-name>
        <description/>
        <url-pattern>/resources/com.taxi.model.users/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>UsersRead</role-name>
        <role-name>UsersWrite</role-name>
        <role-name>UsersDelete</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>AccessConstraints</display-name>
    <web-resource-collection>
        <web-resource-name>/resources/com.taxi.model.access</web-resource-name>
        <description/>
        <url-pattern>/resources/com.taxi.model.access/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description/>
        <role-name>AccessRead</role-name>
        <role-name>AccessWrite</role-name>
        <role-name>AccessDelete</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>taxiJDBCRealm</realm-name>
</login-config>
<security-role>
    <description/>
    <role-name>AccessRead</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>AccessWrite</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>AccessDelete</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>UsersRead</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>UsersWrite</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>UsersDelete</role-name>
</security-role>

And this is what i have in glassfish-web.xml:

<glassfish-web-app error-url="">
  <security-role-mapping>
    <role-name>AccessDelete</role-name>
    <group-name>AccessDelete</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>AccessRead</role-name>
    <group-name>AccessRead</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>AccessWrite</role-name>
    <group-name>AccessWrite</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>UsersDelete</role-name>
    <group-name>UsersDelete</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>UsersRead</role-name>
    <group-name>UsersRead</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>UsersWrite</role-name>
    <group-name>UsersWrite</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

I want to authenticate REST service users, so I do following:

@Stateless
@Path("com.taxi.model.users")
public class UsersFacadeREST extends AbstractFacade<Users> {

    // ...

    @GET
    @Override
    @Produces({"application/xml", "application/json"})
    @RolesAllowed("UsersRead")
    public List<Users> findAll() {
        return super.findAll();
    }

    // ...

}

@Stateless
@Path("com.taxi.model.access")
public class AccessFacadeREST extends AbstractFacade<Access> {

    // ...

    @GET
    @Override
    @Produces({"application/xml", "application/json"})
    @RolesAllowed("AccessRead")
    public List<Access> findAll() {
        return super.findAll();
    }

    // ...

}

When I try to open http://localhost:8080/taxi/resources/com.taxi.model.access it returns me XML with accesses.

So, then I try to open http://localhost:8080/taxi/resources/com.taxi.model.users in browser it is all works, but access is denied. In postgresql log file I see:

2011-08-15 13:32:14 SAMST LOG:  execute <unnamed>: SELECT glpasswd FROM vw_glusertable WHERE gluser = $1
2011-08-15 13:32:14 SAMST DETAIL:  parameters: $1 = 'nickla'
2011-08-15 13:32:14 SAMST LOG:  execute <unnamed>: SELECT glgroup FROM vw_glgrouptable WHERE gluser = $1 
2011-08-15 13:32:14 SAMST DETAIL:  parameters: $1 = 'nickla'

Glassfish error log:

FINE: [Web-Security] Setting Policy Context ID: old = null ctxID = taxi/taxi
FINE: [Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /resources/com.taxi.model.users GET)
FINE: [Web-Security] hasUserDataPermission isGranted: true
FINE: [Web-Security] Policy Context ID was: taxi/taxi
FINE: [Web-Security] Codesource with Web URL: file:/taxi/taxi
FINE: [Web-Security] Checking Web Permission with Principals : null
FINE: [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET)
FINEST: JACC Policy Provider: PolicyWrapper.implies, context (taxi/taxi)- result was(false) permission ((javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET))
FINE: [Web-Security] hasResource isGranted: false
FINE: [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET)
FINEST: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
FINE: Logging in user [nickla] into realm: taxiJDBCRealm using JAAS module: jdbcRealm
FINE: Login module initialized: class com.sun.enterprise.security.auth.login.JDBCLoginModule
FINEST: JDBC login succeeded for: nickla groups:[UsersRead, AccessRead, AccessWrite, UsersWrite, UsersDelete, AccessDelete]
FINE: JAAS login complete.
FINE: JAAS authentication committed.
FINE: Password login succeeded for : nickla
FINE: Set security context as user: nickla
FINE: [Web-Security] Policy Context ID was: taxi/taxi
FINE: [Web-Security] Codesource with Web URL: file:/taxi/taxi
FINE: [Web-Security] Checking Web Permission with Principals : nickla, UsersRead, AccessRead, AccessWrite, UsersWrite, UsersDelete, AccessDelete
FINE: [Web-Security] Web Permission = (javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET)
FINEST: JACC Policy Provider: PolicyWrapper.implies, context (taxi/taxi)- result was(false) permission ((javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET))
FINE: [Web-Security] hasResource isGranted: false
FINE: [Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /resources/com.taxi.model.users GET)

Why is Glassfish told me that my user with role UsersRead has no grants for com.taxi.model.users?

P.S.:

Answer is simple - do not use UsersRead UsersWrite UsersDelete words as role names. I do not know why, but when I changed it to UsersRead11 all things go right.

authentication rest jakarta-ee glassfish-3 netbeans7.0
Original Q&A
0

There are 0 best solutions below

Related Questions in AUTHENTICATION

Related Questions in REST

Related Questions in JAKARTA-EE

Related Questions in GLASSFISH-3

Related Questions in NETBEANS7.0

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.