What does the !role error mean when logging in through JAAS?

I have the following Jetty setup:

<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
    <Set name="Name">FOO JAAS Realm</Set>
    <Set name="LoginModuleName">foo</Set>
    <Set name="roleClassNames">
        <Array type="java.lang.String">
            <Item>foo.jaas.principal.UserPrincipal</Item>
            <Item>foo.jaas.principal.RolePrincipal</Item>
            <Item>org.eclipse.jetty.plus.jaas.JAASRole</Item>
        </Array>
    </Set>
</New>

      

I am using inline Jetty 7.6.1.v20120215 via Maven Jetty plugin.

When I try to log in through the form I have, the login fields are correctly submitted to /j_security_check. I wrote my own LoginModule that gets called and validates users correctly. I can see that their principals are correctly loaded from the database.

Instead of showing a secure page, Jetty shows me:

HTTP ERROR 403

Problem accessing /foo/auth.html. Reason:

    !role

      

I'm not really sure what this actually means.

I have the following in my web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>ADMINISTRATOR</web-resource-name>
        <url-pattern>/auth.html</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMINISTRATOR</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>foo</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/authfail.html</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>ADMINISTRATOR</role-name>
</security-role>
<security-role>
    <role-name>USER</role-name>
</security-role>

      

I register as an administrator.

Any help on the cryptic JAAS post displayed by Jetty would be much appreciated.

+3




2 answers


The logged-in user does not have the ADMINISTRATOR role that you require for /auth.html.

During the commit phase, your JAAS login module should add the user's roles to the subject's principals. Roles are represented by the class extending Principal that you specify to Jetty in the jetty.xml file.

The login module should have something like this in commit():



    Set<Principal> subjectPrincipals = subject.getPrincipals();

    // add the roles
    for (String role : userRolesList) {
        subjectPrincipals.add(new RolePrincipal(role));
    }

      

RolePrincipal is your role class.

+1




I had the same error and the above code was already there ... but after reading: http://wiki.eclipse.org/Jetty/Tutorial/JAAS I also had to update web-jetty.xml and add

<Set name="roleClassNames">
   <Array type="java.lang.String">
      <Item>login.RolePrincipal</Item>
   </Array>
</Set>

      

in this section:



<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">

      

because I used a custom principal class for the roles, "login.RolePrincipal" (actually, I inherited the code and moved the application from Tomcat to Jetty :))

+2
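The two answers above describe the same lookup from both sides: commit() must put a role principal on the Subject, and that principal's class must be listed in roleClassNames. The following is an added example, not code from the question, the answers or Jetty; it is a simplified model of that lookup, and the class names, the user "alice" and the use of Java 9+ (`List.of`) are assumptions.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class RoleCheckDemo {
    // Hypothetical stand-ins for the application's own principal classes.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o != null && o.getClass() == getClass()
                    && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return Objects.hash(getClass(), name); }
    }
    static class UserPrincipal extends NamedPrincipal { UserPrincipal(String n) { super(n); } }
    static class RolePrincipal extends NamedPrincipal { RolePrincipal(String n) { super(n); } }

    // Simplified model (an assumption, not Jetty's code): a role is the
    // getName() of any Subject principal whose class is a configured role class.
    static Set<String> rolesSeen(Subject subject, List<Class<? extends Principal>> roleClasses) {
        Set<String> roles = new LinkedHashSet<>();
        for (Class<? extends Principal> c : roleClasses)
            for (Principal p : subject.getPrincipals(c)) roles.add(p.getName());
        return roles;
    }

    public static void main(String[] args) {
        // What commit() should leave on the Subject for a constructed user "alice".
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("alice"));
        subject.getPrincipals().add(new RolePrincipal("ADMINISTRATOR"));

        String required = "ADMINISTRATOR"; // <role-name> in the web.xml auth-constraint

        // Case 1: RolePrincipal is a configured role class, so the role is visible.
        System.out.println(rolesSeen(subject, List.of(RolePrincipal.class)).contains(required));
        // Case 2: no role class configured; the principal exists but is never
        // read as a role, which is the situation the second answer fixed.
        System.out.println(rolesSeen(subject, List.of()).contains(required));
        // Case 3: only UserPrincipal configured; the user name is read as a
        // role and the required role is still missing.
        System.out.println(rolesSeen(subject, List.of(UserPrincipal.class)));
    }
}
```

When debugging a real deployment, the equivalent check is to log the class name and getName() of every principal on the Subject after commit() and compare them with the roleClassNames entries and the web.xml role names.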








