
Good day!

I am currently testing my newly developed Web Application (Online Public Access Catalog) online using Jelastic as the web hosting site. The Web App is working perfectly when I deploy it on my computer locally. After deploying it in Jelastic, it displays the home page (unsecured page). But when I tried to access any secure page of the Web App (https), like clicking the "Login" button or "Sign Up" button, the Mozilla Firefox browser displays an error "The page isn't redirecting properly". In Chromium, it displays an error "This web page has a redirect loop". I have turned on SSL on my Jelastic account. When I look at the server logs, it gives me this error:

JACC Policy Provider: Failed Permission Check, context(ROOT/ROOT)- permission(("javax.security.jacc.WebUserDataPermission" "/logMeIn.do" "GET"))

Everything works fine except for this situation. I think it has something to do with the security configuration of the server or a bug, but I have been searching for days and can't find any solution.

Could someone help me fix this?

Here is the security part of the web.xml file.

    <security-constraint>
        <display-name>AdminSecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>AdminWebResource</web-resource-name>
            <description/>
            <url-pattern>/administerDB.do</url-pattern>
            <url-pattern>/viewBooks.do</url-pattern>
            <url-pattern>/addBooks.do</url-pattern>
            <url-pattern>/processAddingOfBooks.do</url-pattern>
            <url-pattern>/addingOfBooksSuccessful.do</url-pattern>
            <url-pattern>/editBooks.do</url-pattern>
            <url-pattern>/editBooksForm.do</url-pattern>
            <url-pattern>/addingOfBooksFailed.do</url-pattern>
            <url-pattern>/bookNumberNotFound.do</url-pattern>
            <url-pattern>/processEditingOfBooks.do</url-pattern>
            <url-pattern>/removeBooks.do</url-pattern>
            <url-pattern>/processRemovingOfBook.do</url-pattern>
            <url-pattern>/editSuccess.do</url-pattern>
            <url-pattern>/removeBookSuccessful.do</url-pattern>
            <url-pattern>/noChanges.do</url-pattern>
            <url-pattern>/changeAccountSettings.do</url-pattern>
            <url-pattern>/bookNumberNotFoundDel.do</url-pattern>
            <url-pattern>/logMeOut.do</url-pattern>
            <url-pattern>/logMeIn.do</url-pattern>
            <url-pattern>/confirmAdminChanges.do</url-pattern>
            <url-pattern>/viewBookRequests.do</url-pattern>
            <url-pattern>/verifyAccount.do</url-pattern>
            <url-pattern>/removeBorrowRequest.do</url-pattern>
            <url-pattern>/Admin/*</url-pattern>
            <url-pattern>/Delete/*</url-pattern>
            <url-pattern>/Insert/*</url-pattern>
            <url-pattern>/Select/*</url-pattern>
            <url-pattern>/Update/*</url-pattern>
            <url-pattern>/viewReturnedBooks.do</url-pattern>
            <url-pattern>/verifyBookReturn.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Admin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>MemberSecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>MemberWebResource</web-resource-name>
            <description/>
            <url-pattern>/logMeOut.do</url-pattern>
            <url-pattern>/logMeIn.do</url-pattern>
            <url-pattern>/memberPage.do</url-pattern>
            <url-pattern>/processBorrowRequest.do</url-pattern>
            <url-pattern>/removeBorrowRequest.do</url-pattern>
            <url-pattern>/Member/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Member</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-constraint>
        <display-name>GuestSecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>IndexWebResource</web-resource-name>
            <description/>
            <url-pattern>/index.jsp</url-pattern>
            <url-pattern>/advancedSearch.do</url-pattern>
            <url-pattern>/signMeUp.do</url-pattern>
            <url-pattern>/confirmSignup.do</url-pattern>
            <url-pattern>/errorBookNotFound.do</url-pattern>
            <url-pattern>/sortMyBook.do</url-pattern>
            <url-pattern>/sortMyBookAdvanced.do</url-pattern>
            <url-pattern>/Search/*</url-pattern>
            <url-pattern>/Login/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>OpacRealm</realm-name>
        <form-login-config>
            <form-login-page>/Login/loginPage.html</form-login-page>
            <form-error-page>/Login/loginError.html</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>Admin</role-name>
    </security-role>
    <security-role>
        <description/>
        <role-name>Member</role-name>
    </security-role>

And here is the sun-web.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <security-role-mapping>
    <role-name>Admin</role-name>
    <group-name>Admin</group-name>
  </security-role-mapping>
  <security-role-mapping>
    <role-name>Member</role-name>
    <group-name>Member</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>

Thanks in advance... And also, how could I make the above code correct in the web.xml file, since it seems that the code from Admin/* onward is read as a comment rather than as part of the code? Thanks...

Dennis Kriechel
  • What versions of GlassFish and JDK are you using? It will be useful if you provide a link to your application. – Aless May 07 '15 at 17:02
  • The version of GlassFish Server is 4.1 with JDK 8. I think my Jelastic account is going to expire a few days from now. I hope you could help me. Here is the link --> http://icplopac.jelastic.servint.net/OPACWSJSPClient/ – ITLink CodeHack May 08 '15 at 18:40
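
The logged line is the container's user-data-constraint check for GET /logMeIn.do. The script below is an added example, not code from the question or from GlassFish: it replays the servlet-spec evaluation of the posted constraints on a trimmed, constructed copy of the web.xml (Admin and Guest constraints only) and shows that the request is refused over plain http and sent to https, proceeds to authentication over https, and that a method the collection does not list (POST) is not constrained at all.

```python
"""Added example (not from the question or GlassFish): servlet-spec security-constraint evaluation over a trimmed copy of the posted web.xml."""
import xml.etree.ElementTree as ET

WEB_XML = """<web-app>
 <security-constraint><web-resource-collection>
  <url-pattern>/logMeIn.do</url-pattern><url-pattern>/Admin/*</url-pattern>
  <http-method>GET</http-method><http-method>PUT</http-method></web-resource-collection>
  <auth-constraint><role-name>Admin</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
 </security-constraint>
 <security-constraint><web-resource-collection>
  <url-pattern>/index.jsp</url-pattern><url-pattern>/Login/*</url-pattern>
  <http-method>GET</http-method><http-method>POST</http-method></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
 </security-constraint></web-app>"""

def match_rank(pattern, path):
    """Servlet URL matching rank: exact > longest path prefix > extension > default; None = no match."""
    if pattern == path:
        return 3000
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return 2000 + len(pattern)
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return 1000
    return 0 if pattern == "/" else None

def covers(wrc, pattern, method):
    """A collection applies when it holds the pattern and lists the method (or lists no methods)."""
    methods = [m.text for m in wrc.iter("http-method")]
    return pattern in [p.text for p in wrc.iter("url-pattern")] and (not methods or method in methods)

def check_request(web_xml, path, method, scheme):
    """Decision: 'accept', 'redirect-to-https' (user-data-constraint unmet, the logged JACC
    failure) or 'authenticate' (an auth-constraint applies)."""
    root = ET.fromstring(web_xml)
    ranked = [(match_rank(p.text, path), p.text, sc) for sc in root.iter("security-constraint")
              for p in sc.iter("url-pattern")]
    best = max((r for r, _, _ in ranked if r is not None), default=None)
    # Only constraints on the best-matching pattern apply (servlet spec 13.8.3).
    hits = [sc for r, pat, sc in ranked if best is not None and r == best
            and any(covers(w, pat, method) for w in sc.iter("web-resource-collection"))]
    if not hits:
        return "accept"  # e.g. POST /logMeIn.do: the collection above constrains only GET and PUT
    # user-data-constraints combine as a union of accepted connection types (spec 13.8.1).
    if scheme != "https" and all(sc.findtext("user-data-constraint/transport-guarantee")
                                 in ("CONFIDENTIAL", "INTEGRAL") for sc in hits):
        return "redirect-to-https"
    if all(sc.find("auth-constraint") is not None for sc in hits):
        return "authenticate"
    return "accept"
```

If the redirected request reaches the container still as plain http (for example when TLS is terminated in front of it), the same check fails on every hop, which is the redirect-loop pattern described above.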

1 Answer


I have checked the provided URL and it looks like you did not configure SSL on your Jelastic account.

[screenshot: 502]

If there were problems with the deployed application, the error code would be something like 502 (application down) or 500 Internal Server Error.

To solve the Permission Check issue you may try to update the web.xml configuration file and add the following content to the web-app section:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <!-- auth-constraint goes here if you require authentication -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Also, I suppose that the mentioned application is deployed as multiple applications. If you develop multiple applications that require more than this default set of permissions, you can add the custom permissions that your applications need. The com.sun.aas.instanceRoot variable refers to the domain-dir. For example:

grant codeBase "file:${com.sun.aas.instanceRoot}/applications/-" {
...
}

You can add permissions to stub code with the following grant block:

grant codeBase "file:${com.sun.aas.instanceRoot}/generated/-" {
...
}

In general, you should add extra permissions only to the applications or modules that require them, not to all applications deployed to a domain. For example:

grant codeBase "file:${com.sun.aas.instanceRoot}/applications/MyApp/-" {
...
}

For a module:

grant codeBase "file:${com.sun.aas.instanceRoot}/applications/MyModule/-" {
...
}

The permissions settings file is server.policy, located at /opt/shared/glassfish/domains/domain1/config/server.policy

Wish you good luck and please keep me posted)

leo
  • Thanks for your response @leo. I tried configuring SSL for the Web Application by turning on SSL in the Jelastic configuration a few days ago. But I got a "The page isn't redirecting properly" error in Mozilla Firefox when I accessed resources other than the home page. I tried searching on Google and they suggest that it has something to do with Nginx configuration, but I didn't use Nginx. I'll try your suggestion and update my post here. By the way leo, what do you mean with your statement "is deployed like as multiple application"? Thanks. I have turned on SSL for now. – ITLink CodeHack May 10 '15 at 02:19
  • In Chromium, I got a "This webpage has a redirect loop" error (haven't tried leo's suggestion yet) – ITLink CodeHack May 10 '15 at 02:29
  • Another thing I didn't mention: I am using a separate web service for accessing the database (one deployed app) and a client application that consumes the web service (the one deployed at https://icplopac.jelastic.servint.net/OPACWSJSPClient/). I think this is what you meant @leo about having multiple apps... – ITLink CodeHack May 10 '15 at 03:00
  • Hi there, as I can see, https is working now at https://icplopac.jelastic.servint.net/OPACWSJSPClient/. What was the problem? – leo May 10 '15 at 09:47
  • The problem @leo is that when I try to access a protected web page, I get the error "The page isn't redirecting properly". Try clicking the "Login" or "Sign Up" button on the upper right side of the home page. That's one of the protected pages I set up in the web.xml. I'll update the question leo. Thanks for pointing this out. – ITLink CodeHack May 11 '15 at 10:16