0 Replies Latest reply on Jun 5, 2005 7:57 PM by kalmmo

    JAAS:Form login

    kalmmo

      I'm trying to set up authentication for my application with a form login module. I think I have done everything correctly, and in fact I get no errors during deployment, but if I define multiple security roles, only the first in the list gains access. For example, this is my web.xml:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Restricted</web-resource-name>
          <description>amministrazione</description>
          <url-pattern>/index.html</url-pattern>
          <url-pattern>/*.html</url-pattern>
          .....
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>

        <user-data-constraint>
          <description>no description</description>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Restricted</web-resource-name>
          <description>Prenote</description>
          <url-pattern>/index.html</url-pattern>
          <url-pattern>/*.html</url-pattern>
          .....
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>

        <user-data-constraint>
          <description>no description</description>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>default</realm-name>
        <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <description>Administrator</description>
        <role-name>admin</role-name>
      </security-role>

      <security-role>
        <description>Utente</description>
        <role-name>user</role-name>
      </security-role>

      If I try to log in as user I get this error:
      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

      and if I log in as admin everything works perfectly.
      Moreover, I have noticed that if I exchange the order of the "security-constraint" and "security-role" tags (user declaration before admin declaration), exactly the opposite happens: as user everything works, and as admin I get the same error as before.
      I just cannot understand this error; can someone help me?
      I use JBoss 3.2.3.
      Thanks in advance, and excuse my English.
      Mimmo
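
Added example, not part of the original post and not JBoss or Tomcat code: the symptom described above matches a container that enforces only the first security-constraint whose url-pattern and http-method match a request (an assumption about the cause). The check below lists every pattern/method pair claimed by more than one constraint, with the roles the first constraint admits and the union of roles across all of them; `SAMPLE_WEB_XML` is constructed from the post and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed copy of the two constraints from the post.
# Assumes a DTD-style descriptor whose elements carry no XML namespace.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <url-pattern>/index.html</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <url-pattern>/index.html</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def overlapping_constraints(web_xml):
    """Map (url-pattern, http-method) to the role list of each constraint that
    covers it, in document order, keeping only pairs covered more than once."""
    seen = defaultdict(list)
    for constraint in ET.fromstring(web_xml).iter("security-constraint"):
        roles = [(r.text or "").strip() for r in constraint.findall("auth-constraint/role-name")]
        for coll in constraint.findall("web-resource-collection"):
            # No http-method element means the collection applies to every method.
            methods = [(m.text or "").strip() for m in coll.findall("http-method")] or ["*"]
            for pattern in coll.findall("url-pattern"):
                for method in methods:
                    seen[((pattern.text or "").strip(), method)].append(roles)
    return {key: lists for key, lists in seen.items() if len(lists) > 1}


def report(web_xml):
    """For each overlap: roles of the first constraint versus the union of all."""
    return {
        key: {"first_match": lists[0], "union": sorted({r for roles in lists for r in roles})}
        for key, lists in overlapping_constraints(web_xml).items()
    }


if __name__ == "__main__":
    print(report(SAMPLE_WEB_XML))
```

Any pair reported here is a candidate for a single security-constraint whose auth-constraint lists every role in the `union` value.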