Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

J2EE authorization

 
Blazej Karmelita
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello!
The problem is: J2EE somehow does not authorize my users on j2sdkee 1.2.
--------------------------------------------------
I've user the realm tool to create users on the server. I've created the group called 'joefriends':
realmtool -addGroup joefriends

Then I've created the user named 'blaza' and added him to the group 'joefriends':
realmtool -add blaza somepassword joefriends

Next I've written some simple servlet that intercepts any requests in context /go/*
manages the session, checks if the user is in specified role and forwards the request to the resource called hello.jsp.
I've also set the security constraints for this resource: there is a piece of code from deployment descriptor:

<security-constraint>
<web-resource-collection>
<web-resource-name>WebResourceCollection</web-resource-name>
<url-pattern>/go/hello.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Authorized</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

The application has been created in Together 5.5 and all deployment files has been generated using this tool. The application has been deployed using Sun's deploytool. The role 'Authorized' has been defined for the application to use.

1. The application is running
2. It does authentify my user blaza and lets him see the hello.jsp page.
3. The servlet does NOT recognize the role Authorized.

I'm using request.isUserInRole("Authorized") method and it returns false.

There is a piece of code from deployment descriptor configuring the resource hello.jsp:

<servlet>
<servlet-name>hello</servlet-name>
<jsp-file>hello.jsp</jsp-file>
<security-role-ref>
<role-name>link</role-name>
<role-link>Authorized</role-link>
</security-role-ref>
</servlet>

I'm checkin also request.isUserInRole("link") but it does not work too.
--------------------------------------------------

I would like to use declarative authorization in my J2EE app.
I have prepared some JSP custom tags for dynamic content generating depanding on the Role that the logged user is "playing". The web components should recognize this role.

Would You help me, please.
[ February 02, 2002: Message edited by: Blazej Karmelita ]
[ February 02, 2002: Message edited by: Blazej Karmelita ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!