security - Accessing Glassfish container managed login page using iPhone Safari from outside LAN results in "server stopped responding" error
Question
How do I allow unauthenticated users to be served the login.xhtml JSF 2.0 Facelet page over HTTPS when they attempt to access security-constrained resources or otherwise require login authentication?
Current implementation
I'm developing in NetBeans 7.3. The server is GlassFish 3.1.2.2. I'm using PrimeFaces 3.5 components. Security is container managed under a JDBCRealm. I have followed the pattern described helpfully in BalusC's answer at "Performing user authentication in Java EE / JSF using j_security_check".
Basically:
- Declarative security using the deployment descriptor
- Form-based authentication (a full JSF component Facelet login.xhtml using a @ViewScoped @ManagedBean with programmatic login using the Servlet 3.0 HttpServletRequest.login())
- JDBC realm
Everything works great, and as required, when I run the program from the localhost machine or from a machine on the LAN. index.xhtml is the welcome file under web.xml, and it is protected under a security constraint.
<form-login-page>/login.xhtml</form-login-page>
is presented when the context root is hit by a browser. login.xhtml is under a security constraint for the purpose of requiring CONFIDENTIAL under user-data-constraint. This applies HTTPS to the login form, which is how I'm answering my own question above.
Problem
Whenever I try to load the page on an iPhone using the standard Safari browser from outside the LAN (from the internet), I get a "server stopped responding" error after I see the URL switch from HTTP on port 8080 to HTTPS on port 8181.
info: jacc policy provider:failed permission check: context (" webapplication2/webapplication2 ") , permission (" ("javax.security.jacc.webuserdatapermission" "/login.xhtml" "get") ")
That is the message in the NetBeans GlassFish output window. Why does it not work the same as on the LAN?
Thoughts
The current web.xml does not specify an auth-constraint element for the "secure login" security-constraint because the Java EE 6 tutorial says "if there is no authorization constraint, the container must accept the request without requiring user authentication". If I specify an auth-constraint with a * role-name, the application still behaves the same (same problem). If I give it an application role name, the user is never resolved to a role in the first place. Is my implementation pattern entirely wrong to begin with?
Code
My web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <context-param>
        <param-name>primefaces.THEME</param-name>
        <param-value>#{loggedinuser.preferences.theme}</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.xhtml</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>10</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>index</display-name>
        <web-resource-collection>
            <web-resource-name>index</web-resource-name>
            <description/>
            <url-pattern>/index.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>secure login</display-name>
        <web-resource-collection>
            <web-resource-name>login.xhtml</web-resource-name>
            <description/>
            <url-pattern>/login.xhtml</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>jdbc-realm</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/loginerror.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>admin</role-name>
    </security-role>
</web-app>
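
As an added example (not part of the original question), the following Python reads the security-relevant parts of a web.xml like the one above and reports, for the form login and error pages, whether a matching security-constraint demands a role and which transport guarantee applies. WEB_XML is a constructed reduction of the posted file, the function names are hypothetical, and only exact url-pattern matches are considered (not the servlet prefix or extension matching rules).

```python
import xml.etree.ElementTree as ET

# Constructed sample: reduced from the web.xml in the question.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/index.xhtml</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/login.xhtml</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config>
    <form-login-config>
      <form-login-page>/login.xhtml</form-login-page>
      <form-error-page>/loginerror.xhtml</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

def constraints(root):
    """Yield (url_patterns, roles, transport) per security-constraint.
    roles is None when the constraint has no auth-constraint element."""
    for sc in root.findall("ee:security-constraint", NS):
        urls = [u.text.strip() for u in sc.findall(".//ee:url-pattern", NS)]
        auth = sc.find("ee:auth-constraint", NS)
        roles = None if auth is None else [r.text.strip() for r in auth.findall("ee:role-name", NS)]
        tg = sc.find(".//ee:transport-guarantee", NS)
        yield urls, roles, (tg.text.strip() if tg is not None else "NONE")

def audit_login_pages(xml_text):
    """Map each form login/error page to (role_required, transport)."""
    root = ET.fromstring(xml_text)
    rules = list(constraints(root))
    report = {}
    # Children of form-login-config are form-login-page and form-error-page.
    for el in root.findall(".//ee:form-login-config/*", NS):
        page = el.text.strip()
        hits = [(roles, tg) for urls, roles, tg in rules if page in urls]
        role_required = any(roles is not None for roles, _ in hits)
        transport = "CONFIDENTIAL" if any(tg == "CONFIDENTIAL" for _, tg in hits) else "NONE"
        report[page] = (role_required, transport)
    return report

if __name__ == "__main__":
    for page, (role_required, transport) in audit_login_pages(WEB_XML).items():
        print(f"{page}: role required={role_required}, transport={transport}")
```

For the posted configuration this reports /login.xhtml with no role required and CONFIDENTIAL transport, and /loginerror.xhtml with no matching constraint at all.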