You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by "Hu, Yiguang" <Yi...@stercomm.com> on 2006/06/20 21:55:02 UTC

login proxy problem

I have the following login page under /jetspeed/index.jsp (not a
portlet). I don't have problem with admin users. But run into problem
with non-admin user. After I provide the credentials for the login, it
was redirected to /jetspeed/login/redirector servlet which report the
following "HTTP Status 403" on the page. If I do
localhost:8080/Jetspeed/portal, it will show me the default page though.
I also attached the Jetspeed.log file which says  "-  Failed
authenticate() test ??/jetspeed/login/j_security_check" and 

DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin

 DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
accessControl() test

 

 

Any help is appreciated.

Thanks


"HTTP Status 403 - Access to the requested resource has been denied

________________________________


type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested
resource has been denied) has been forbidden.

"

I saw this in the Jetspeed.log file:

DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
for username "tester"

 DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "tester"
[org.apache.jetspeed.security.impl.UserPrincipalImpl

 DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
valid user class. We will use this as the user Principal.

 DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
"testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp

l

 DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"testrole" to this user Principal's roles

 DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
[org.apache.jetspeed.security.impl.RolePrincipalImpl

 DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"user" to this user Principal's roles

 DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
successfully authenticated as Principal "{1}" -- Subject was cr

eated too

 DEBUG org.apache.catalina.authenticator.FormAuthenticator -
Authentication of 'tester' was successful

 DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting
to original '/jetspeed/login/redirector'

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
authenticate() test ??/jetspeed/login/j_security_check

 DEBUG org.apache.catalina.connector.CoyoteAdapter -  Requested cookie
session id is E3C7DBE736DB74705622495DCE3A7D55

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
checking request GET /jetspeed/login/redirector

 DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
'SecurityConstraint[Login

 DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
'SecurityConstraint[Manager

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
hasUserDataPermission()

 DEBUG org.apache.catalina.realm.RealmBase -   User data constraint has
no restrictions

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
authenticate()

 DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
request from session 'E3C7DBE736DB74705622495DCE3A7D55'

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
Authenticated 'tester' with type 'FORM'

 DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
restored request

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
accessControl()

 DEBUG org.apache.catalina.realm.RealmBase -   Checking roles
GenericPrincipal[tester(testrole,user,)

 DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin

 DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin

 DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
accessControl() test

 

The index page under /Jetspeed

 

<form method="POST" action='/jetspeed/login/proxy'>

        Username

        <input type="text" size="30"
name="org.apache.jetspeed.login.username" value="">

        Password

        <input type="password" size="30"
name="org.apache.jetspeed.login.password">

        <input type="submit" value="Login">

    </form>

Re: login proxy problem

Posted by Akshay Ahooja <ak...@gmail.com>.

If you are using a newer version of Tomcat it will do that to you unless you
explicitly define your user roles:

In web.xml under <security-constraint>

Instead of:
 <auth-constraint>
 <role-name>*</role-name>
 </auth-constraint>

Change to:
 <auth-constraint>
 <role-name>admin</role-name>
  <role-name>user</role-name>
  <role-name>manager</role-name>
 </auth-constraint>

And then try it - it should work...

HTH,

Akshay





On 6/20/06, Hu, Yiguang <Yi...@stercomm.com> wrote:
>
> I have the following login page under /jetspeed/index.jsp (not a
> portlet). I don't have problem with admin users. But run into problem
> with non-admin user. After I provide the credentials for the login, it
> was redirected to /jetspeed/login/redirector servlet which report the
> following "HTTP Status 403" on the page. If I do
> localhost:8080/Jetspeed/portal, it will show me the default page though.
> I also attached the Jetspeed.log file which says  "-  Failed
> authenticate() test ??/jetspeed/login/j_security_check" and
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> accessControl() test
>
>
>
>
>
> Any help is appreciated.
>
> Thanks
>
>
> "HTTP Status 403 - Access to the requested resource has been denied
>
> ________________________________
>
>
> type Status report
>
> message Access to the requested resource has been denied
>
> description Access to the specified resource (Access to the requested
> resource has been denied) has been forbidden.
>
> "
>
> I saw this in the Jetspeed.log file:
>
> DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
> for username "tester"
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "tester"
> [org.apache.jetspeed.security.impl.UserPrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
> valid user class. We will use this as the user Principal.
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
> "testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp
>
> l
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "testrole" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
> [org.apache.jetspeed.security.impl.RolePrincipalImpl
>
> DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
> "user" to this user Principal's roles
>
> DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
> successfully authenticated as Principal "{1}" -- Subject was cr
>
> eated too
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator -
> Authentication of 'tester' was successful
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting
> to original '/jetspeed/login/redirector'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> authenticate() test ??/jetspeed/login/j_security_check
>
> DEBUG org.apache.catalina.connector.CoyoteAdapter -  Requested cookie
> session id is E3C7DBE736DB74705622495DCE3A7D55
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
> checking request GET /jetspeed/login/redirector
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
> 'SecurityConstraint[Login
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking constraint
> 'SecurityConstraint[Manager
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> hasUserDataPermission()
>
> DEBUG org.apache.catalina.realm.RealmBase -   User data constraint has
> no restrictions
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> authenticate()
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
> request from session 'E3C7DBE736DB74705622495DCE3A7D55'
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
> Authenticated 'tester' with type 'FORM'
>
> DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
> restored request
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Calling
> accessControl()
>
> DEBUG org.apache.catalina.realm.RealmBase -   Checking roles
> GenericPrincipal[tester(testrole,user,)
>
> DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
> have role admin
>
> DEBUG org.apache.catalina.realm.RealmBase - No role found:  admin
>
> DEBUG org.apache.catalina.authenticator.AuthenticatorBase -  Failed
> accessControl() test
>
>
>
> The index page under /Jetspeed
>
>
>
> <form method="POST" action='/jetspeed/login/proxy'>
>
>         Username
>
>         <input type="text" size="30"
> name="org.apache.jetspeed.login.username" value="">
>
>         Password
>
>         <input type="password" size="30"
> name="org.apache.jetspeed.login.password">
>
>         <input type="submit" value="Login">
>
>     </form>
>
>
>