JAAS:Form login
kalmmo Jun 5, 2005 7:57 PMI'm trying to setup authentication for my application with a form login module. I think that I make all good and in fact I do not obtain errors during the deployment but if I define many security roles only the first in list gains access.For example, this is my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
amministrazione <url-pattern>/index.html</url-pattern>
<url-pattern>/*.html</url-pattern>
.....
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
Prenote
<url-pattern>/index.html</url-pattern>
<url-pattern>/*.html</url-pattern>
.....
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
Administrator
<role-name>admin</role-name>
</security-role>
<security-role>
Utente
<role-name>user</role-name>
</security-role>
If i try to login as user I have this error:
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
and if I login as admin all works perfectly.
Moreover I have noticed that if I exchange the order of the tag "security-constraint" and "security-role"(user declaration before admin declaration) happens exact the opposite one, that is as user all works and as admin I obtain the same error before.
I just do not succeed to understand this error, can help someone me?
I use jboss3.2.3.
Thanks in advance and excuse for my English
Mimmo