Posted to user@geronimo.apache.org by blb <bl...@gmail.com> on 2009/12/17 16:10:06 UTC

Unable to get user role

Hi all,

I am migrating from Tomcat to Geronimo and need some help to finish
configuring security for a webapp.
I can authenticate a user within Geronimo but I'm not able to get the user
role.
The request.isUserInRole() call always returns false.

You can find below an extract of the configuration files concerned by
security:
http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
extract_geronimo-web.xml 
http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml 

Can you please tell me what's wrong (or missing) with the webapp
configuration ?
-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by blb <bl...@gmail.com>.
Here is a little webapp to show the problem.
http://old.nabble.com/file/p26890721/TestSecurGeronimo.war
TestSecurGeronimo.war 
  - If the servlet that calls the jsp is in the protected area, isUserInRole
returns true in both servlet and jsp. 
  - If it isn't, isUserInRole() returns false either in the jsp or in
the servlet

-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26890721.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by blb <bl...@gmail.com>.
David,

Form auth is used to authenticate the user. The behaviour you described is
the one we expected and we met previously with Tomcat.

For the moment, in my geronimo environment, it works only if servlets or
jsps are secured. 

Geronimo 2.1.4 is used.


djencks wrote:
> 
> If you are using form auth you should still be getting isUserInRole to  
> be true after you have logged in once, even on unprotected pages.  I'm  
> not sure if there are any tests for this anywhere, especially for jsps  
> that aren't listed in web.xml.  We have gotten this to work for  
> servlets at various times.
> 
> If you are using basic or digest auth, you won't AFAIK.  I'm not sure  
> about client-cert auth.
> 
> Which geronimo version are you using?
> 
> thanks
> david jencks
> 
> On Dec 18, 2009, at 9:57 AM, blb wrote:
> 
>>
>> I finally succeeded in getting true from the isUserInRole() call,
>> protecting
>> more resources in the web.xml file.
>> I have to check the whole application to see if the unauthenticated
>> section
>> still works (some of the resources I have put in the protected area
>> are
>> used by both parts).
>> I'll keep you informed of the results.
>>
>> Fabrice
>>
>> blb wrote:
>>>
>>> I did a few more tests.
>>> The isUserInRole() returns true only for protected servlets.
>>> I didn't succeed yet in declaring the jsps as protected resources.
>>>
>>> Fabrice
>>>
>>> blb wrote:
>>>>
>>>> David,
>>>>
>>>> Thanks for your reply.
>>>>
>>>> 1) Yes, the authentication works well.
>>>>
>>>> 2) isUserInRole() always returns false. It is called from a jsp  
>>>> which is
>>>> not declared in the webapp protected resources (this configuration  
>>>> worked
>>>> well in Tomcat). I'll try to declare the jsps in the protected  
>>>> resources
>>>> to check if the problem is solved.
>>>>
>>>> 3) The webapp is made of jsps and servlets. The isUserInRole() call
>>>> returns true in a protected servlet.
>>>>
>>>> Fabrice
>>>>
>>>>
>>>>
>>>> djencks wrote:
>>>>>
>>>>> I'd like to clarify a couple of points...
>>>>>
>>>>> - IIUC, you have to authenticate to access a secured page, this  
>>>>> part
>>>>> of security is working fine?
>>>>>
>>>>> - From a secured page, you cannot use isUserInRole()?
>>>>>
>>>>> - are all your pages jsps?  Do they have servlet mappings?  Does  
>>>>> this
>>>>> occur with a secured servlet?
>>>>>
>>>>> thanks
>>>>> david jencks
>>>>>
>>>>> On Dec 17, 2009, at 7:10 AM, blb wrote:
>>>>>
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I am migrating from Tomcat to Geronimo and need some help to
>>>>>> finish configuring security for a webapp.
>>>>>> I can authenticate a user within Geronimo but I'm not able to get
>>>>>> the user
>>>>>> role.
>>>>>> The request.isUserInRole() call always returns false.
>>>>>>
>>>>>> You can find below an extract of the configuration files  
>>>>>> concerned by
>>>>>> security:
>>>>>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
>>>>>> extract_geronimo-web.xml
>>>>>> http://old.nabble.com/file/p26829415/extract_web.xml  
>>>>>> extract_web.xml
>>>>>>
>>>>>> Can you please tell me what's wrong (or missing) with the webapp
>>>>>> configuration ?
>>>>>> -- 
>>>>>> View this message in context:
>>>>>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
>>>>>> Sent from the Apache Geronimo - Users mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26847205.html
>> Sent from the Apache Geronimo - Users mailing list archive at  
>> Nabble.com.
>>
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26874597.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by David Jencks <da...@yahoo.com>.
If you are using form auth you should still be getting isUserInRole to  
be true after you have logged in once, even on unprotected pages.  I'm  
not sure if there are any tests for this anywhere, especially for jsps  
that aren't listed in web.xml.  We have gotten this to work for  
servlets at various times.

If you are using basic or digest auth, you won't AFAIK.  I'm not sure  
about client-cert auth.

Which geronimo version are you using?

thanks
david jencks

On Dec 18, 2009, at 9:57 AM, blb wrote:

>
> I finally succeeded in getting true from the isUserInRole() call,
> protecting
> more resources in the web.xml file.
> I have to check the whole application to see if the unauthenticated
> section
> still works (some of the resources I have put in the protected area
> are
> used by both parts).
> I'll keep you informed of the results.
>
> Fabrice
>
> blb wrote:
>>
>> I did a few more tests.
>> The isUserInRole() returns true only for protected servlets.
>> I didn't succeed yet in declaring the jsps as protected resources.
>>
>> Fabrice
>>
>> blb wrote:
>>>
>>> David,
>>>
>>> Thanks for your reply.
>>>
>>> 1) Yes, the authentication works well.
>>>
>>> 2) isUserInRole() always returns false. It is called from a jsp  
>>> which is
>>> not declared in the webapp protected resources (this configuration  
>>> worked
>>> well in Tomcat). I'll try to declare the jsps in the protected  
>>> resources
>>> to check if the problem is solved.
>>>
>>> 3) The webapp is made of jsps and servlets. The isUserInRole() call
>>> returns true in a protected servlet.
>>>
>>> Fabrice
>>>
>>>
>>>
>>> djencks wrote:
>>>>
>>>> I'd like to clarify a couple of points...
>>>>
>>>> - IIUC, you have to authenticate to access a secured page, this  
>>>> part
>>>> of security is working fine?
>>>>
>>>> - From a secured page, you cannot use isUserInRole()?
>>>>
>>>> - are all your pages jsps?  Do they have servlet mappings?  Does  
>>>> this
>>>> occur with a secured servlet?
>>>>
>>>> thanks
>>>> david jencks
>>>>
>>>> On Dec 17, 2009, at 7:10 AM, blb wrote:
>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I am migrating from Tomcat to Geronimo and need some help to
>>>>> finish configuring security for a webapp.
>>>>> I can authenticate a user within Geronimo but I'm not able to get
>>>>> the user
>>>>> role.
>>>>> The request.isUserInRole() call always returns false.
>>>>>
>>>>> You can find below an extract of the configuration files  
>>>>> concerned by
>>>>> security:
>>>>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
>>>>> extract_geronimo-web.xml
>>>>> http://old.nabble.com/file/p26829415/extract_web.xml  
>>>>> extract_web.xml
>>>>>
>>>>> Can you please tell me what's wrong (or missing) with the webapp
>>>>> configuration ?
>>>>> -- 
>>>>> View this message in context:
>>>>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
>>>>> Sent from the Apache Geronimo - Users mailing list archive at
>>>>> Nabble.com.
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> -- 
> View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26847205.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>


Re: Unable to get user role

Posted by blb <bl...@gmail.com>.
I finally succeeded in getting true from the isUserInRole() call, protecting
more resources in the web.xml file. 
I have to check the whole application to see if the unauthenticated section
still works (some of the resources I have put in the protected area are
used by both parts).
I'll keep you informed of the results.

Fabrice

blb wrote:
> 
> I did a few more tests.
> The isUserInRole() returns true only for protected servlets.
> I didn't succeed yet in declaring the jsps as protected resources.
> 
> Fabrice
> 
> blb wrote:
>> 
>> David,
>> 
>> Thanks for your reply.
>> 
>> 1) Yes, the authentication works well.
>> 
>> 2) isUserInRole() always returns false. It is called from a jsp which is
>> not declared in the webapp protected resources (this configuration worked
>> well in Tomcat). I'll try to declare the jsps in the protected resources
>> to check if the problem is solved.
>> 
>> 3) The webapp is made of jsps and servlets. The isUserInRole() call
>> returns true in a protected servlet. 
>> 
>> Fabrice
>> 
>> 
>> 
>> djencks wrote:
>>> 
>>> I'd like to clarify a couple of points...
>>> 
>>> - IIUC, you have to authenticate to access a secured page, this part  
>>> of security is working fine?
>>> 
>>> - From a secured page, you cannot use isUserInRole()?
>>> 
>>> - are all your pages jsps?  Do they have servlet mappings?  Does this  
>>> occur with a secured servlet?
>>> 
>>> thanks
>>> david jencks
>>> 
>>> On Dec 17, 2009, at 7:10 AM, blb wrote:
>>> 
>>>>
>>>> Hi all,
>>>>
>>>> I am migrating from Tomcat to Geronimo and need some help to finish
>>>> configuring security for a webapp.
>>>> I can authenticate a user within Geronimo but I'm not able to get  
>>>> the user
>>>> role.
>>>> The request.isUserInRole() call always returns false.
>>>>
>>>> You can find below an extract of the configuration files concerned by
>>>> security:
>>>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
>>>> extract_geronimo-web.xml
>>>> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml
>>>>
>>>> Can you please tell me what's wrong (or missing) with the webapp
>>>> configuration ?
>>>> -- 
>>>> View this message in context:
>>>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
>>>> Sent from the Apache Geronimo - Users mailing list archive at  
>>>> Nabble.com.
>>>>
>>> 
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26847205.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by blb <bl...@gmail.com>.
I did a few more tests.
The isUserInRole() returns true only for protected servlets.
I didn't succeed yet in declaring the jsps as protected resources.

Fabrice

blb wrote:
> 
> David,
> 
> Thanks for your reply.
> 
> 1) Yes, the authentication works well.
> 
> 2) isUserInRole() always returns false. It is called from a jsp which is
> not declared in the webapp protected resources (this configuration worked
> well in Tomcat). I'll try to declare the jsps in the protected resources
> to check if the problem is solved.
> 
> 3) The webapp is made of jsps and servlets. The isUserInRole() call
> returns true in a protected servlet. 
> 
> Fabrice
> 
> 
> 
> djencks wrote:
>> 
>> I'd like to clarify a couple of points...
>> 
>> - IIUC, you have to authenticate to access a secured page, this part  
>> of security is working fine?
>> 
>> - From a secured page, you cannot use isUserInRole()?
>> 
>> - are all your pages jsps?  Do they have servlet mappings?  Does this  
>> occur with a secured servlet?
>> 
>> thanks
>> david jencks
>> 
>> On Dec 17, 2009, at 7:10 AM, blb wrote:
>> 
>>>
>>> Hi all,
>>>
>>> I am migrating from Tomcat to Geronimo and need some help to finish
>>> configuring security for a webapp.
>>> I can authenticate a user within Geronimo but I'm not able to get  
>>> the user
>>> role.
>>> The request.isUserInRole() call always returns false.
>>>
>>> You can find below an extract of the configuration files concerned by
>>> security:
>>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
>>> extract_geronimo-web.xml
>>> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml
>>>
>>> Can you please tell me what's wrong (or missing) with the webapp
>>> configuration ?
>>> -- 
>>> View this message in context:
>>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
>>> Sent from the Apache Geronimo - Users mailing list archive at  
>>> Nabble.com.
>>>
>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26846845.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by blb <bl...@gmail.com>.
David,

Thanks for your reply.

1) Yes, the authentication works well.

2) isUserInRole() always returns false. It is called from a jsp which is not
declared in the webapp protected resources (this configuration worked well
in Tomcat). I'll try to declare the jsps in the protected resources to check
if the problem is solved.

3) The webapp is made of jsps and servlets. The isUserInRole() call returns
true in a protected servlet. 

Fabrice



djencks wrote:
> 
> I'd like to clarify a couple of points...
> 
> - IIUC, you have to authenticate to access a secured page, this part  
> of security is working fine?
> 
> - From a secured page, you cannot use isUserInRole()?
> 
> - are all your pages jsps?  Do they have servlet mappings?  Does this  
> occur with a secured servlet?
> 
> thanks
> david jencks
> 
> On Dec 17, 2009, at 7:10 AM, blb wrote:
> 
>>
>> Hi all,
>>
>> I am migrating from Tomcat to Geronimo and need some help to finish
>> configuring security for a webapp.
>> I can authenticate a user within Geronimo but I'm not able to get  
>> the user
>> role.
>> The request.isUserInRole() call always returns false.
>>
>> You can find below an extract of the configuration files concerned by
>> security:
>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
>> extract_geronimo-web.xml
>> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml
>>
>> Can you please tell me what's wrong (or missing) with the webapp
>> configuration ?
>> -- 
>> View this message in context:
>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
>> Sent from the Apache Geronimo - Users mailing list archive at  
>> Nabble.com.
>>
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26843936.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Re: Unable to get user role

Posted by David Jencks <da...@yahoo.com>.
I'd like to clarify a couple of points...

- IIUC, you have to authenticate to access a secured page, this part  
of security is working fine?

- From a secured page, you cannot use isUserInRole()?

- are all your pages jsps?  Do they have servlet mappings?  Does this  
occur with a secured servlet?

thanks
david jencks

On Dec 17, 2009, at 7:10 AM, blb wrote:

>
> Hi all,
>
> I am migrating from Tomcat to Geronimo and need some help to finish
> configuring security for a webapp.
> I can authenticate a user within Geronimo but I'm not able to get  
> the user
> role.
> The request.isUserInRole() call always returns false.
>
> You can find below an extract of the configuration files concerned by
> security:
> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml
> extract_geronimo-web.xml
> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml
>
> Can you please tell me what's wrong (or missing) with the webapp
> configuration ?
> -- 
> View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>