[jboss-jira] [JBoss JIRA] Commented: (JBWEB-66) basic-auth broken

Mladen Turk (JIRA) jira-events at jboss.com
Fri Jul 28 13:15:11 EDT 2006 

    [ http://jira.jboss.com/jira/browse/JBWEB-66?page=comments#action_12340222 ] 
            
Mladen Turk commented on JBWEB-66:
----------------------------------

Hmm,

AFAICT it works, at least the XMLLogin.
Uncomment the
 <security-domain>java:/jaas/jmx-console</security-domain>
from jmx-console.war/WEB-INF/jboss-web.xml

and uncomment the <security-constraint> from the web.xml
in the same location.
You will be asked for the username admin/admin

I can not tell for sure if all the security providers are implemented,
but I suppose in that case you should see some classnotfound
exceptions.

> basic-auth broken
> -----------------
>
>                 Key: JBWEB-66
>                 URL: http://jira.jboss.com/jira/browse/JBWEB-66
>             Project: JBoss Web
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: JBoss Web Server 1.0.0 GA
>         Environment: Linux
>            Reporter: Mark Stewart
>         Assigned To: Mladen Turk
>
> Assuming that Jboss Web is configured identically to the web container in AS, it seems that basic-auth support is broken. That is, the server doesn't send a 401 for protected urls. 
> Here's the post I made three weeks ago on the Jboss Web Server forum: 
> "I have a webapp I usually run in JBoss AS that I'm trying to get running under JBossWeb. I've added the same entry to login-module.xml in the default/conf/ directory and a jboss-web.xml file whose <security-domain> tag points at the entry in default/deploy/<my-web-app.war>/WEB-INF. JBossWeb doesn't block the access to the protected pages, however."
> This is tested by the J2EE CTS so I guess JBossWeb wasn't tested against it (or the failure was ignored) prior to the GA release. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list