problem with web.xml and accessing secure pages
cane74 Mar 11, 2004 4:38 AMHi!
Why JBoss produces an error while processing my web.xml? All seems to be OK while
<security-role> ... </security-role>is commented out. Otherwise XML parser says:
11:03:20,734 ERROR [Digester] Parse Error at line 83 column 11: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,
context-param*,filter*,filter-mapping*,listener*,
servlet*,servlet-mapping*,session-config?,
mime-mapping*,welcome-file-list?,error-page*,
taglib*,resource-env-ref*,resource-ref*,
security-constraint*,login-config?,security-role*,
env-entry*,ejb-ref*,ejb-local-ref*)".
Another question is why after quthorization user can't see information from secure location (/admin/*)? Is it possible that if I didn't specify the <security-role> properly ('cause I can't :D) user will be always redirected to /error/403.jsp?
What is wrong?...
Best regards,
Bart
web.xml
<?xml version="1.0" ?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <!-- ROLES --> <security-role> <description>Authenticated user</description> <role-name>Authenticated_users</role-name> </security-role> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <error-page> <error-code>403</error-code> <location>/error/403.jsp</location> </error-page> <error-page> <error-code>404</error-code> <location>/error/404.jsp</location> </error-page> <!-- SECURITY --> <security-constraint> <web-resource-collection> <web-resource-name>iqweb-admin</web-resource-name> <description>Administracja systemem</description> <url-pattern>/admin/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description>Only allow Authenticated_users role</description> <role-name>Authenticated_users</role-name> </auth-constraint> <user-data-constraint> <description>Encryption is not required for the application in general.</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>iqweb</realm-name> </login-config> </web-app>