How do I do it?
This all seems over-complicated with all kinds of weirdness.
I have
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
Security constraint for resources in the secure directory
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
only let the system manager login
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint>
SSL not required
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>
FORM
</auth-method>
<realm-name>
other
</realm-name>
<form-login-config>
<form-login-page>
/login.html
</form-login-page>
<form-error-page>
/loginerror.html
</form-error-page>
</form-login-config>
</login-config>
<security-role>
The Secure ROLE
<role-name>manager</role-name>
</security-role>
and in auth.conf (which is a TOTAL MYSTERY to me, can anyone help?):
// The default server login module
other {
// A simple server login module, which can be used when the number
// of users is relatively small. It uses two properties files:
// users.properties, which holds users (key) and their password (value).
// roles.properties, which holds users (key) and a comma-separated list of their roles (value).
// The unauthenticatedIdentity property defines the name of the principal
// that will be used when a null username and password are presented as is
// the case for an unuathenticated web client or MDB. If you want to
// allow such users to be authenticated add the property, e.g.,
// unauthenticatedIdentity="nobody"
org.jboss.security.auth.spi.UsersRolesLoginModule required
;
When I access my application, it flips to the login form, but when I submit blank user name and password 3 times, it goes into the welcome page!
Also, how do I explicitly log out?
What is all this about? Where can I get some simple help on all this. It's all just gone too weird for me, a bog standard VMS-raised bit-twiddler to understand!