0 Replies Latest reply on Jul 16, 2007 2:21 PM by rrsireesha

    Implementing the Authorization using DatabaseServerLoginModu

    rrsireesha

      Hi,

      I am using JDeveloper and JBoss to develop my web application using JSF, and the data is retrieved from the database (Oracle). I have implemented the DatabaseServerLoginModule for authorization and authentication. Here is the code I have in the backing bean method of the Login button.

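      import java.util.Set;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginContext;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.callback.SecurityAssociationHandler;

      // Pass the submitted username and password to the JAAS login module
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      SimplePrincipal user = new SimplePrincipal(j_username.getValue().toString());
      handler.setSecurityInfo(user, j_password.getValue().toString().toCharArray());
      // "testDB" is the application policy (security domain) name
      LoginContext loginContext = new LoginContext("testDB", (CallbackHandler) handler);
      loginContext.login();
      Subject subject = loginContext.getSubject();
      Set principals = subject.getPrincipals();
      principals.add(user);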

      When I print the principals, it gives me the correct details from the database. The authentication is working perfectly. I'm confused about how to go on from here for the authorization part. I have declared the page-level security in the web.xml and it is not working (no exceptions thrown). A user with the role name 'user' is able to access the pages under the /admin folder.

      Content of web.xml related to authorization:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Administrator</web-resource-name>
          <url-pattern>/faces/admin/*</url-pattern>
          <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>admin</role-name>
        </auth-constraint>
      </security-constraint>
      <security-role>
        <description>Administrator</description>
        <role-name>admin</role-name>
      </security-role>


      Please advise me how to do the authorization part from here.

      Thanks in advance.
      SR.
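
An added example (not from the original post or from JBoss): a Python check that reads the posted security-constraint and computes the decision the declaration calls for on a direct request to a given path with a given role set, usable as an expected-result table when testing the deployed application. It models only servlet-spec URL-pattern matching; http-method elements and best-match precedence between several constraints are left out, and all function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constraint from the post, wrapped in a <web-app> root so it parses (wrapper is constructed).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrator</web-resource-name>
      <url-pattern>/faces/admin/*</url-pattern>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""


def load_constraints(xml_text):
    """Return [(url_patterns, allowed_roles)] for constraints that carry an auth-constraint."""
    root = ET.fromstring(xml_text)
    constraints = []
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:
            continue  # no auth-constraint: no role restriction declared
        patterns = [p.text.strip() for p in sc.iter("url-pattern")]
        roles = {r.text.strip() for r in auth.iter("role-name")}
        constraints.append((patterns, roles))
    return constraints


def matches(pattern, path):
    """Servlet-spec URL patterns: exact, path prefix (/x/*), extension (*.ext), default (/)."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path


def expected_decision(path, user_roles, constraints):
    """Decision the declared policy calls for on a direct request: 'allow' or 'deny'."""
    hits = [roles for patterns, roles in constraints if any(matches(p, path) for p in patterns)]
    if not hits:
        return "allow"  # path is not covered by any constraint
    # Simplification (assumption): one matching constraint granting a held role is enough.
    return "allow" if any(roles & set(user_roles) for roles in hits) else "deny"
```

Comparing these expected decisions with the HTTP status the deployed application actually returns for each path and test account shows which protected URLs are not being enforced.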