[jboss-user] [JBoss Portal] - Re: Is this a JBP 2.6.1 bug? (403 Error From Dashboard Link)
gspillman
do-not-reply at jboss.com
Thu Sep 27 12:12:06 EDT 2007
I am having the same problem, but NM-156's solution of ordering the login modules does not fix it.
I am using JBP 2.6.1 + JBoss AS 4.2.1 distribution, and am running it on Windows XP Pro.
Also using the NTLM login module from the http://jaaslounge.sourceforge.net project.
Here are the jar files added from JaasLounge to server\default\lib
jaaslounge-1.0.0RC1.jar
jcifs-1.1.11.jar
jcifs-ext-0.9.4.jar
Here is my server\default\deploy\jboss-portal.sar\conf\login-config.xml:
| <application-policy name="portal">
| <authentication>
| <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="optional">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
| <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
|
| <login-module code="org.jaaslounge.ntlm.NtlmLoginModule" flag="required">
| <module-option name="debug">true</module-option>
| <module-option name="mode">JBoss</module-option>
| <module-option name="domain">DUMMYDOMAIN</module-option>
| <module-option name="host">WINNT-SVR-VM</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| </login-module>
|
| <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
| <module-option name="synchronizeIdentity">true</module-option>
| <module-option name="synchronizeRoles">true</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="defaultAssignedRole">User</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
| <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
Simply adding the jars from JaasLounge, and configuring login-config.xml will allow users to login using thier Windows Domain user and password. However, clicking on the Dashboard link produces the follow page:
HTTP Status 403 -
--------------------------------------------------------------------------------
type Status report
message
description Access to the specified resource () has been forbidden.
--------------------------------------------------------------------------------
JBossWeb/2.0.0.GA
I have also modified server\default\conf\jboss-log4j.xml to expose portal security messages using:
| <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Target" value="System.out"/>
| <param name="Threshold" value="TRACE"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <!-- The default pattern: Date Priority [Category] Message\n -->
| <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}.%M] %m%n"/>
| </layout>
| </appender>
| <category name="org.jboss.portal.security">
| <priority value="TRACE" />
| </category>
|
This produced the following lines when clicking on the Dashboard link:
TRACE [JACCPortalAuthorizationManager.checkPermission] hasPermission:uri=dashboard:/portal/user::action=portalobject::type=portalobject
TRACE [JACCPortalAuthorizationManager.checkPermission] hasPermission:result=false
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089392#4089392
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4089392
More information about the jboss-user
mailing list