[jetty-users] security-constraint auth-constraint role-name * (asterisk) fails
Hi All. I'm learning Jetty embedded ( jetty-all-8.1.3.v20120416.jar ) and I
have a dead simple servlet that I've enabled a <security-constraint> (HTTP
BASIC) on. My two unit tests that check authorization correctly pass and
fail (one makes the request using the username and password in my
realm.properties, and the other tries to connect with no authentication)
when I have <role-name>users</role-name>, but fail for
<role-name>*</role-name>. JUnit summary of incorrect results (see method
definitions below):
testPingServletAuthenticated(): Expected: OK, Actual: Forbidden
testPingServletUnauthenticated(): Passed
File snippets are included below ('====' separates them). I hope that's
enough information. Thanks in advance! -- matt
==== web.xml ====
servlet-mapping
    servlet-name: hello-servlet
    url-pattern: /hello-web-xml
security-constraint
    url-pattern: /*
    auth-constraint:
        role-name: users
login-config
    auth-method: BASIC
    realm-name: test security realm
security-role
    role-name: users
==== realm.properties ====
theuser:password,users
==== HelloServlet.java ====
very simple doGet()
==== JettySetupTest.java ====
public static void startJettyServer() throws Exception {
    WebAppContext webAppContext = new WebAppContext();
    webAppContext.setDescriptor("out/artifacts/diy_embedded_testing_war_exploded/WEB-INF/web.xml");
    webAppContext.setResourceBase("out/artifacts/diy_embedded_testing_war_exploded/");
    webAppContext.setContextPath(CONTEXT_PATH);
    webAppContext.setParentLoaderPriority(true); // Q: needed?
    // NB: must match realm name in web.xml's <login-config><realm-name>
    LoginService loginService = new HashLoginService("test security realm", "test/embed/realm.properties");
    webAppContext.getSecurityHandler().setLoginService(loginService);
    SERVER = new Server(PORT);
    SERVER.setHandler(webAppContext);
    SERVER.start();
}

@Test
public void testPingServletAuthenticated() throws IOException {
    Client client = Client.create();
    WebResource webResource = client.resource(BASE_URL + "/hello-web-xml"); // http://localhost:8080/app/hello-web-xml
    webResource.addFilter(new HTTPBasicAuthFilter("theuser", "password"));
    ClientResponse clientResponse = webResource
            .accept(MediaType.TEXT_PLAIN)
            .get(ClientResponse.class); // @GET
    assertEquals(ClientResponse.Status.OK, clientResponse.getClientResponseStatus());
    assertEquals(HelloServlet.GREETING + "\n", clientResponse.getEntity(String.class));
}

@Test
public void testPingServletUnauthenticated() throws IOException {
    Client client = Client.create();
    WebResource webResource = client.resource(BASE_URL + "/hello-web-xml"); // http://localhost:8080/app/hello-web-xml
    ClientResponse clientResponse = webResource
            .accept(MediaType.TEXT_PLAIN)
            .get(ClientResponse.class); // @GET
    assertEquals(ClientResponse.Status.UNAUTHORIZED, clientResponse.getClientResponseStatus());
}
--
View this message in context: http://jetty.4.n6.nabble.com/security-constraint-auth-constraint-role-name-asterisk-fails-tp4958675.html
Sent from the Jetty User mailing list archive at Nabble.com.