This week's book giveaway is in the HTML/CSS/JavaScript forum.
We're giving away four copies of Practical SVG and have Chris Coyier on-line!
See this thread for details.
Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Form authentication when not in a role

 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've run into a problem where we are running against a clients existing LDAP server for authenticating against our app. We're using form based authentication and have roles defined for 'privileged' and 'admin' users, but the client would like anyone who can authenticate to have read-only access.

I need to define a security constraint that allows any authenticated user, regardless of role. I've tried things like this:


but while I can still login with users and admins, it returns a 403 if the user does not have any groups defined. Thoughts?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The minimum level I was able to get to was this:
All users must be associated with a group and you need to know what that group is.

auth-constraint/role-name * is OK
the role must defined in a security-role/role-name entry

If you jave the '*' but do not map the role, the user will always get a 403 error.
 
This parrot is no more. It has ceased to be. Now it's a tiny ad:
the new thread boost feature brings a LOT of attention to your favorite threads
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!