WAS role AD group mapping resetting after each deployment - websphere

I have the following security configuration in my web.xml. I am using IBM WAS and opted for AD Authentication for my app. As part of the AD configuration I have mapped the TEST role to an AD Group. Now each time I do a deployment, the mapping vanishes. Is there a way to persist the mapping?
<security-role>
<description>Test</description>
<role-name>TEST</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<url-pattern>/test/*</url-pattern>
<url-pattern>/rock/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TEST</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/rock/signon/login.html</form-login-page>
<form-error-page>/rock/signon/login.html</form-error-page>
</form-login-config>
</login-config>

There are two ways to do this:
1. using ibm-application-bnd.xml and application.xml in ear/META-INF
2. configuring the WAS script to make the changes.
I have not explored the second option, but I resolved the deployment problem using the first approach.
ibm-application-bnd.xml
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
xmlns="http://websphere.ibm.com/xml/ns/javaee"
version="1.2">
<security-role name="ROLE">
<group name="LDAP GROUP" />
</security-role>
</application-bnd>
application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd" version="6">
<display-name>rest-ear</display-name>
<module>
<web>
<web-uri>rest-1.0.0-SNAPSHOT.war</web-uri>
<context-root>/rest</context-root>
</web>
</module>
<security-role>
<role-name>ROLE</role-name>
</security-role>
</application>

Related

404 error when spring security is added in the web.xml

I want to use Spring Security but I'm getting a 404 error in the web.xml page after adding the Spring Security tags in the web.xml page. If I remove the security tags in the web.xml then the .jsp pages run on localhost. I am unable to figure out the problem in the tags in the web.xml. Please help me in finding the problem. I have given all the XML code.
Below is my code snippet from my project.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Spring Web Application</display-name>
<!-- changed -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
This is my dispatcher.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd ">
<ctx:annotation-config></ctx:annotation-config>
<ctx:component-scan base-package="com.springMvc"></ctx:component-scan>
<ctx:component-scan base-package="com.springSecurity"></ctx:component-scan>
</beans:beans>
The spring security xml is given:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<http>
<intercept-url pattern="/helloSecurity*" access="ROLE_USER" />
<http-basic/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="sjit" password="123" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>

Websphere 7 - 404 when not including trailing slash in url

I am working on a project using Spring 4 MVC, AngularJS, and Websphere 7. When I build my application as a war and install it through the Websphere 7 admin console everything works fine. However, I need my war wrapped in an EAR (not the generic EAR that websphere automatically wraps it in). So I created a separate project that takes the WAR and wraps it in an EAR.
When I go to the url http://localhost:9080/public/myapp then I get a 404 that it can't find the resources. When I add a trailing slash on it like this http://localhost:9080/public/myapp/ then it redirects to the index.html resource just fine. I need it to find the index.html when I go to the url without the trailing slash. How can I get that to work?
Here's my configuration files:
application.xml in the EAR
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" version="5">
<display-name>myapp-ear</display-name>
<module>
<web>
<web-uri>myapp-web-2.0-SNAPSHOT.war</web-uri>
<context-root>/public/myapp</context-root>
</web>
</module>
</application>
ibm-web-bnd.xml in the WAR
<?xml version="1.0" encoding="UTF-8"?>
<web-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-web-bnd_1_0.xsd"
version="1.0">
<virtual-host name="default_host"/>
<resource-ref name="UwProfileDataSource" binding-name="jdbc/uwprofile"></resource-ref>
</web-bnd>
web.xml in the WAR
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<servlet>
<servlet-name>myapp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myapp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<resource-ref>
<description>myapp Service</description>
<res-ref-name>UwProfileDataSource</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</web-app>
myapp-servlet.xml in the WAR
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="com.myapp"/>
<mvc:annotation-driven/>
<mvc:default-servlet-handler/>
<mvc:resources mapping="/**" location="classpath:/app/"/>
<mvc:view-controller path="/" view-name="forward:/index.html" />
<bean id="uwProfileDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName"><value>UwProfileDataSource</value></property>
<property name="resourceRef"><value>true</value></property>
</bean>
</beans>

Can't map roles to groups using ibm-application-bnd.xml

I'm trying to map user groups using ibm-application-bnd.xml. I put it into the META-INF folder. When I try to access a secured page I get the following message:
[08.05.15 17:42:21:242 MSK] 00000084 WebCollaborat A SECJ0129E: ... GET в null:/loginmodule/date/, Authorization failed, Not granted any of the required roles: user-role
When I configure it with the IBM console it works. WAS writes all the configuration into ibm-application-bnd.xmi instead of ibm-application-bnd.xml.
What am I doing wrong?
Using Websphere AS 8.5.5 with Java 1.6
ibm-application-bnd.xml:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">
<security-role name="user-role">
<group name="user-group" />
</security-role>
</application-bnd>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Constraint</display-name>
<web-resource-collection>
<web-resource-name>secrets</web-resource-name>
<description />
<url-pattern>/date/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user-role</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>user-role</role-name>
</security-role>
<servlet>
<servlet-name>date</servlet-name>
<servlet-class>ru.servlet.TimeServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>date</servlet-name>
<url-pattern>/date/*</url-pattern>
</servlet-mapping>
</web-app>
WebSphere Application Server uses XML for EE 5+ only, and that decision is made on a per-deployment descriptor basis. If ibm-application-bnd.xmi is being used, then I suspect your application.xml has version="1.4" or lower, so try again after updating to an EE 5 XML header (remove doctype, add xmlns, add xmlns:xsi, add xsi:schemaLocation, update version attribute).
I had to change the version in my ear POM maven-ear-plugin, because by default it generates a 1.3 application.xml, so the WebSphere server only expects an ibm-application-bnd.xmi file and not an ibm-application-bnd.xml file.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-ear-plugin</artifactId>
<configuration>
<version>6</version>
<security>
<security-role>
<role-name>manager</role-name>
</security-role>
</security>
<modules>
<webModule>
<groupId>${project.groupId}</groupId>
<artifactId>my-war</artifactId>
<contextRoot>/my-app</contextRoot>
</webModule>
</modules>
</configuration>
</plugin>
Thanks to bkail
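A pre-deployment check for the two failure modes in the answers above (an application.xml older than EE 5, and a constrained role with no binding), as an added example that is not code from any of the posters. The function name and sample descriptors are constructed here, and treating a role missing from application.xml as a finding is an assumption based on both answers declaring it there.

```python
import xml.etree.ElementTree as ET

def named(root, name):
    """All descendants whose tag, ignoring the XML namespace, equals name."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def role_names(root, parent):
    """Text of every <role-name> found under <parent> elements."""
    return {(r.text or "").strip()
            for p in named(root, parent) for r in named(p, "role-name")}

def check_role_bindings(application_xml, bnd_xml, web_xml):
    """Return findings; an empty list means every constrained role is bound."""
    findings = []
    app = ET.fromstring(application_xml)
    version = app.get("version", "")
    try:
        ee5 = float(version) >= 5
    except ValueError:
        ee5 = False  # DOCTYPE-style J2EE 1.2/1.3 descriptors carry no version
    if not ee5:
        findings.append("application.xml version %r is below 5: WAS uses "
                        "ibm-application-bnd.xmi, not .xml" % version)
    # A binding counts only if it names at least one subject for the role.
    bound = {sr.get("name") for sr in named(ET.fromstring(bnd_xml), "security-role")
             if any(named(sr, s) for s in ("group", "user", "special-subject"))}
    declared = role_names(app, "security-role")
    for role in sorted(role_names(ET.fromstring(web_xml), "auth-constraint")):
        if role not in declared:  # assumption: mirror the answers' layout
            findings.append("role %r is not declared in application.xml" % role)
        if role not in bound:
            findings.append("role %r has no subject in ibm-application-bnd.xml" % role)
    return findings

# Constructed samples, reusing the role and group names from the question above.
NS = 'xmlns="http://java.sun.com/xml/ns/javaee"'
WEB = ('<web-app %s version="2.5"><security-constraint><auth-constraint>'
       '<role-name>user-role</role-name></auth-constraint></security-constraint>'
       '</web-app>' % NS)
BND = ('<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.2">'
       '<security-role name="user-role"><group name="user-group"/></security-role>'
       '</application-bnd>')
APP_EE6 = ('<application %s version="6"><security-role>'
           '<role-name>user-role</role-name></security-role></application>' % NS)
APP_OLD = APP_EE6.replace('version="6"', 'version="1.4"')

if __name__ == "__main__":
    for label, app in (("EE 6", APP_EE6), ("J2EE 1.4", APP_OLD)):
        print(label, check_role_bindings(app, BND, WEB) or "ok")
```

Run against the descriptors extracted from a built EAR, a non-empty result means the role mapping will not survive deployment as written.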

Create JDBC realm on glassfish - wrong pass?

I've followed this tutorial http://blog.gamatam.com/2009/11/jdbc-realm-setup-with-glassfish-v3.html
The problem is that I get the login dialog again and again, as if the pass is wrong (and never the page), but I clearly see the values in the DB. Pass is MD5 of the word 'admin'.
So how to debug it?
Here are the settings and printscreens: http://codepad.org/jHNRpAta
And here is web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>security</realm-name>
</login-config>
<security-role>
<description/>
<role-name>USER</role-name>
</security-role>
<security-role>
<description/>
<role-name>ADMIN</role-name>
</security-role>
</web-app>
And here is glassfish-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>USER</role-name>
<group-name>USER</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>ADMIN</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>

Websphere: security-constraint in web.xml doesn't work

I'd like to protect a single .jsp-page from anonymous access. I'm trying to do that the following way:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>
t-webapp</display-name>
<servlet>
<description>
</description>
<display-name>
ZServlet</display-name>
<servlet-name>ZServlet</servlet-name>
<servlet-class>
a.b.c.d.application.t.ZServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ZServlet</servlet-name>
<url-pattern>/ZServlet</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>
TTests</display-name>
<web-resource-collection>
<web-resource-name>TTests</web-resource-name>
<url-pattern>/ttests.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>TRACE</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>
<auth-constraint>
<description>
TServletRoles</description>
<role-name>role_admin1</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
role_admin1</description>
<role-name>role_admin1</role-name>
</security-role>
</web-app>
But whenever I'm accessing ttests.jsp, I'm getting access immediately - without having to fill username/password... what am I missing?
Thanks a lot!
The first step would be to make sure that global security is enabled on your websphere profile with the Enable application security check box checked.
