2 Replies Latest reply on Jul 10, 2003 5:11 PM by sundaram

    Multiple Roles

    worthe

      Hi, I have a system setup using DatabaseServerLoginModule which is working fine with one role. However, when I added the second role for a different directory, I can not get it to work. Does anyone have any idea why this might be? My debug data looks like this:

      14:53:57,825 INFO [Engine] Authenticator[/mqosa]: Security checking request POST /mqosa/jsp/j_security_check
      14:53:57,825 INFO [Engine] Authenticator[/mqosa]: Checking for reauthenticate in session StandardSession[66A2084D16A614F907190FBFFDB93D02]
      14:53:57,827 INFO [Engine] Authenticator[/mqosa]: Authenticating username 'normal'
      14:53:58,147 INFO [Engine] Authenticator[/mqosa]: Authentication of 'normal' was successful
      14:53:58,147 INFO [Engine] Authenticator[/mqosa]: Redirecting to original '/mqosa/jsp/index.jsp'
      14:53:58,149 INFO [Engine] Authenticator[/mqosa]: Failed authenticate() test
      14:53:58,266 INFO [Engine] Authenticator[/mqosa]: Security checking request GET /mqosa/jsp/index.jsp
      14:53:58,267 INFO [Engine] Authenticator[/mqosa]: Checking constraint 'SecurityConstraint[mqosa jsp]' against GET /jsp/index.jsp --> true
      14:53:58,267 INFO [Engine] Authenticator[/mqosa]: Subject to constraint SecurityConstraint[mqosa jsp]
      14:53:58,268 INFO [Engine] Authenticator[/mqosa]: Calling checkUserData()
      14:53:58,268 INFO [Engine] Authenticator[/mqosa]: User data constraint has no restrictions
      14:53:58,269 INFO [Engine] Authenticator[/mqosa]: Calling authenticate()
      14:53:58,270 INFO [Engine] Authenticator[/mqosa]: Checking for reauthenticate in session StandardSession[66A2084D16A614F907190FBFFDB93D02]
      14:53:58,270 INFO [Engine] Authenticator[/mqosa]: Reauthenticating username 'normal'
      14:53:58,276 INFO [Engine] Authenticator[/mqosa]: Authenticated 'normal' with type 'FORM'
      14:53:58,276 INFO [Engine] Authenticator[/mqosa]: Calling accessControl()
      14:53:58,284 INFO [Engine] Authenticator[/mqosa]: Failed accessControl() test


      My web.xml looks like this (It works with just the Admin role and everything the main jsp path) :

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>mqosa jsp</web-resource-name>
      secure the mqosa jsp scripts
      <url-pattern>/jsp/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Normal</role-name>
      </auth-constraint>
      </security-constraint>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>mqosa admin jsp</web-resource-name>
      secure the mqosa admin jsp scripts
      <url-pattern>/jsp/admin/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Admin</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MQOSA JSP</realm-name>
      <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
      <form-error-page>/jsp/authenticationError.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>Normal</role-name>
      </security-role>

      <security-role>
      <role-name>Admin</role-name>
      </security-role>