i have a problem with security constraint...
in the web-xml i have:
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allAdmin</web-resource-name>
<url-pattern>/WebLogHelper.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sysadm</role-name>
</auth-constraint>
</security-constraint>
what that i want is that webloghelper.jsp is usable only from sysadm role and all the other from everyone role.
in the roles.properties i have...
USERA=everyone,sysadm
USERB=everyone
so USERB could not access to webloghelper.jsp, instead USERA can do it..
but...
ALL users can access the webloghelper.jsp resource!
Why?
Using Websphere this works!
i'm using jboss 3.2.3
thank you!