You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by "Hu, Yiguang" <Yi...@stercomm.com> on 2006/06/20 21:55:02 UTC
login proxy problem
I have the following login page under /jetspeed/index.jsp (not a
portlet). I don't have problem with admin users. But run into problem
with non-admin user. After I provide the credentials for the login, it
was redirected to /jetspeed/login/redirector servlet which report the
following "HTTP Status 403" on the page. If I do
localhost:8080/Jetspeed/portal, it will show me the default page though.
I also attached the Jetspeed.log file which says "- Failed
authenticate() test ??/jetspeed/login/j_security_check" and
DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin
DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
accessControl() test
Any help is appreciated.
Thanks
"HTTP Status 403 - Access to the requested resource has been denied
________________________________
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested
resource has been denied) has been forbidden.
"
I saw this in the Jetspeed.log file:
DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
for username "tester"
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "tester"
[org.apache.jetspeed.security.impl.UserPrincipalImpl
DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
valid user class. We will use this as the user Principal.
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
"testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp
l
DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"testrole" to this user Principal's roles
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
[org.apache.jetspeed.security.impl.RolePrincipalImpl
DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"user" to this user Principal's roles
DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
successfully authenticated as Principal "{1}" -- Subject was cr
eated too
DEBUG org.apache.catalina.authenticator.FormAuthenticator -
Authentication of 'tester' was successful
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting
to original '/jetspeed/login/redirector'
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
authenticate() test ??/jetspeed/login/j_security_check
DEBUG org.apache.catalina.connector.CoyoteAdapter - Requested cookie
session id is E3C7DBE736DB74705622495DCE3A7D55
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
checking request GET /jetspeed/login/redirector
DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
'SecurityConstraint[Login
DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
'SecurityConstraint[Manager
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
hasUserDataPermission()
DEBUG org.apache.catalina.realm.RealmBase - User data constraint has
no restrictions
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
authenticate()
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
request from session 'E3C7DBE736DB74705622495DCE3A7D55'
DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
Authenticated 'tester' with type 'FORM'
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
restored request
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
accessControl()
DEBUG org.apache.catalina.realm.RealmBase - Checking roles
GenericPrincipal[tester(testrole,user,)
DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin
DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
accessControl() test
The index page under /Jetspeed
<form method="POST" action='/jetspeed/login/proxy'>
Username
<input type="text" size="30"
name="org.apache.jetspeed.login.username" value="">
Password
<input type="password" size="30"
name="org.apache.jetspeed.login.password">
<input type="submit" value="Login">
</form>
Re: login proxy problem
Posted by Akshay Ahooja <ak...@gmail.com>.
If you are using a newer version of Tomcat it will do that to you unless you
explicitly define your user roles:
In web.xml under <security-constraint>
Instead of:
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
Change to:
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
<role-name>manager</role-name>
</auth-constraint>
And then try it - it should work...
HTH,
Akshay
On 6/20/06, Hu, Yiguang <Yi...@stercomm.com> wrote:
>
> I have the following login page under /jetspeed/index.jsp (not a
> portlet). I don't have problem with admin users. But run into problem
> with non-admin user. After I provide the credentials for the login, it
> was redirected to /jetspeed/login/redirector servlet which report the
> following "HTTP Status 403" on the page. If I do
> localhost:8080/Jetspeed/portal, it will show me the default page though.
> I also attached the Jetspeed.log file which says "- Failed
> authenticate() test ??/jetspeed/login/j_security_check" and
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
> accessControl() test
>
>
>
>
>
> Any help is appreciated.
>
> Thanks
>
>
> "HTTP Status 403 - Access to the requested resource has been denied
>
> ________________________________
>
>
> type Status report
>
> message Access to the requested resource has been denied
>
> description Access to the specified resource (Access to the requested
> resource has been denied) has been forbidden.
>
> "
>
> I saw this in the Jetspeed.log file:
>
> DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
> for username "tester"
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "tester"
> [org.apache.jetspeed.security.impl.UserPrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
> valid user class. We will use this as the user Principal.
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
> "testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp
>
> l
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "testrole" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
> [org.apache.jetspeed.security.impl.RolePrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "user" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
> successfully authenticated as Principal "{1}" -- Subject was cr
>
> eated too
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator -
> Authentication of 'tester' was successful
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting
> to original '/jetspeed/login/redirector'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
> authenticate() test ??/jetspeed/login/j_security_check
>
> DEBUG org.apache.catalina.connector.CoyoteAdapter - Requested cookie
> session id is E3C7DBE736DB74705622495DCE3A7D55
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
> checking request GET /jetspeed/login/redirector
>
> DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
> 'SecurityConstraint[Login
>
> DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
> 'SecurityConstraint[Manager
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
> hasUserDataPermission()
>
> DEBUG org.apache.catalina.realm.RealmBase - User data constraint has
> no restrictions
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
> authenticate()
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
> request from session 'E3C7DBE736DB74705622495DCE3A7D55'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
> Authenticated 'tester' with type 'FORM'
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
> restored request
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
> accessControl()
>
> DEBUG org.apache.catalina.realm.RealmBase - Checking roles
> GenericPrincipal[tester(testrole,user,)
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
> accessControl() test
>
>
>
> The index page under /Jetspeed
>
>
>
> <form method="POST" action='/jetspeed/login/proxy'>
>
> Username
>
> <input type="text" size="30"
> name="org.apache.jetspeed.login.username" value="">
>
> Password
>
> <input type="password" size="30"
> name="org.apache.jetspeed.login.password">
>
> <input type="submit" value="Login">
>
> </form>
>
>
>