0 Replies Latest reply on Aug 31, 2004 5:32 AM by roberto

    security constraint problem

      I have a problem with a security constraint...

      In the web.xml I have:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>all</web-resource-name>
          <url-pattern>*.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>everyone</role-name>
        </auth-constraint>
      </security-constraint>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>allAdmin</web-resource-name>
          <url-pattern>/WebLogHelper.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>sysadm</role-name>
        </auth-constraint>
      </security-constraint>

      What I want is for webloghelper.jsp to be usable only by the sysadm role, and all the others by the everyone role.

      In the roles.properties I have...

      USERA=everyone,sysadm
      USERB=everyone

      So USERB could not access webloghelper.jsp, whereas USERA can.

      But...

      ALL users can access the webloghelper.jsp resource!
      Why?

      Using WebSphere this works!

      I'm using JBoss 3.2.3.

      Thank you!
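
Added example (not part of the original post, and not JBoss or WebSphere code): a small Python model of how the two constraints above can be evaluated against the roles in roles.properties. `best_match=True` follows the Servlet 2.4 rule that the constraints on the best-matching url-pattern apply; `best_match=False` is a hypothetical first-declared-match evaluator, an assumption that reproduces the reported symptom and not a confirmed description of JBoss 3.2.3. The function names and the `<web-app>` wrapper are constructed for the example.

```python
import xml.etree.ElementTree as ET

# The two constraints from the post, wrapped in a root element so they parse.
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection><web-resource-name>all</web-resource-name>
    <url-pattern>*.jsp</url-pattern></web-resource-collection>
  <auth-constraint><role-name>everyone</role-name></auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection><web-resource-name>allAdmin</web-resource-name>
    <url-pattern>/WebLogHelper.jsp</url-pattern></web-resource-collection>
  <auth-constraint><role-name>sysadm</role-name></auth-constraint>
</security-constraint>
</web-app>"""
ROLES = {"USERA": {"everyone", "sysadm"}, "USERB": {"everyone"}}  # roles.properties

def load(xml):
    """Return [(url-pattern, permitted roles)] in declaration order."""
    out = []
    for sc in ET.fromstring(xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        out += [(p.text.strip(), roles) for p in sc.iter("url-pattern")]
    return out

def rank(pattern, path):
    """Mapping precedence: exact > longest prefix > extension > default; 0 = no match."""
    if pattern == path:
        return 4, len(pattern)
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return 3, len(pattern)
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return 2, 0
    return (1, 0) if pattern == "/" else (0, 0)

def allowed(user, path, best_match=True):
    """True if one of the user's roles is permitted for path (comparison is case-sensitive)."""
    hits = [(rank(p, path), roles) for p, roles in load(WEB_XML) if rank(p, path)[0]]
    if not hits:
        return True  # no constraint covers this path
    if best_match:
        top = max(r for r, _ in hits)  # roles of equally ranked constraints are unioned
        roles = set().union(*(ro for r, ro in hits if r == top))
    else:
        roles = hits[0][1]  # hypothetical: first declared matching constraint wins
    return bool(ROLES[user] & roles)
```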