Developers, Developers, Developers! Maksim Sorokin IT Blog

13Oct/10Off

Basic Authentication in GlassFish 3

Here is asmall basic authentication how-to for a web application in GlassFish 3.

Open GlassFish Administrative Console. Go to Security->Realms->file.
Change Assign Groups to Users.
In the top of the page click Manage Users.
Click New. Specify User ID and Password. In Group List fill Users.

In your web.xml add the following:

<web-app>
...

  <security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>Users</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
	<realm-name>file</realm-name>
  </login-config>

  <security-role>
	<role-name>Users</role-name>
  </security-role>
...
</web-app>

If you do not have sun-web.xml file, create one and place it the same folder as web.xml.
Define the following in sun-web.xml:

<sun-web-app error-url="">
...
  <security-role-mapping>
    <role-name>Users</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>
</sun-web-app>

Note, that sun-web.xml has additional section security-role-mapping.

UPD.: Thanks to user "chrome" for clarifying needed section in sun-web.xml file.

Comments (3) Trackbacks (1)
  1. I’m certain all you need in sun-web.xml is the security-role-mapping element. what benefits of the other descriptor elements?

  2. Thanks! You are right, only security-role-mapping element is needed.

  3. I’m certain all you need in sun-web.xml is the security-role-mapping element. what benefits of the other descriptor elements


Leave a comment