
How to implement basic authentication with Glassfish?


I tried this configuration, but it didn't work for me: Basic Authentication in Glassfish. I also tried this guide, http://maksim.sorokin.dk/it/2010/10/13/basic-authentication-in-glassfish-3/, but I couldn't get it to ask for a username and password either.

These are the steps I've taken:
1. Log in as admin to the Admin interface.
2. Go to Security->Realms->File.
3. Add a group name (Users) to the Assign Groups field.
4. Open Manage Users at the top of the page.
5. Click New, add a user (testuser) and give it a password.
6. Add (Users) to Group List.
7. Put these lines in web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>User</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <security-role>
    <role-name>User</role-name>
  </security-role>

8. And put these lines in sun-web.xml:

<sun-web-app error-url="">
  <security-role-mapping>
    <role-name>User</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>
</sun-web-app>

9. After all that, I enabled Configurations->server-config->Security->Security Manager.

My configuration is Glassfish 3.1, Sun Java 6 JDK, Debian Lenny and a simple "Hello World" page for testing.

What is missing here?

UPDATE:

I figured out that it needs XML headers. After I added them, it started to work. My final configuration is below:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Application</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>

    <auth-constraint>
        <role-name>Users</role-name>
    </auth-constraint>
</security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>

  <security-role>
    <role-name>Users</role-name>
  </security-role>
</web-app>

and

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <security-role-mapping>
    <role-name>Users</role-name>
    <group-name>Users</group-name>
  </security-role-mapping>
</sun-web-app>

Solution

  • You may try this guide: http://download.oracle.com/docs/cd/E19798-01/821-1750/beaxw/index.html I heard that web.xml sometimes does not work properly. I had the same problem but cannot test it now.
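
A deployment check for the descriptor pair discussed in this thread, as an added example that is not code from the question or the answer: it verifies that the root is a namespaced `<web-app>` as in the working version, that every constrained role is declared and mapped in sun-web.xml, and flags two gaps that remain in the final configuration (a constraint limited to listed HTTP methods, and BASIC credentials with no HTTPS requirement). The function names and the sample strings are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's "{namespace}" prefix

def texts(root, parent, child):
    """Text of every <child> sitting directly under any <parent>."""
    return {c.text.strip() for p in root.iter() if local(p.tag) == parent
            for c in p if local(c.tag) == child and c.text}

def audit(web_xml, sun_web_xml):
    web, sun = ET.fromstring(web_xml), ET.fromstring(sun_web_xml)
    findings = []
    if local(web.tag) != "web-app" or not web.tag.startswith("{"):
        findings.append("root is not a namespaced <web-app> element")
    required = texts(web, "auth-constraint", "role-name")
    for role in sorted(required - texts(web, "security-role", "role-name")):
        findings.append(f"role '{role}' has no <security-role> declaration")
    for role in sorted(required - texts(sun, "security-role-mapping", "role-name")):
        findings.append(f"role '{role}' has no <security-role-mapping>")
    methods = texts(web, "web-resource-collection", "http-method")
    if methods:  # listing methods leaves every unlisted method unconstrained
        findings.append("constraint only covers " + ",".join(sorted(methods))
                        + "; other HTTP methods are unprotected")
    basic = "BASIC" in texts(web, "login-config", "auth-method")
    tls = "CONFIDENTIAL" in texts(web, "user-data-constraint", "transport-guarantee")
    if basic and not tls:  # BASIC sends the password base64-encoded, not encrypted
        findings.append("BASIC auth without transport-guarantee CONFIDENTIAL")
    return findings

# Constructed samples modelled on the final configuration in the question.
WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
<security-constraint>
<web-resource-collection><web-resource-name>Secure Application</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method>
</web-resource-collection>
<auth-constraint><role-name>Users</role-name></auth-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method><realm-name>file</realm-name></login-config>
<security-role><role-name>Users</role-name></security-role>
</web-app>"""
SUN_WEB_XML = """<sun-web-app><security-role-mapping><role-name>Users</role-name>
<group-name>Users</group-name></security-role-mapping></sun-web-app>"""

if __name__ == "__main__":
    for finding in audit(WEB_XML, SUN_WEB_XML):
        print("WARN:", finding)
```

Removing the `<http-method>` elements makes the constraint apply to all methods, and a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` inside the `<security-constraint>` makes the container require HTTPS for the protected URLs.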