This section discusses using a database for security. It steps you through creating the necessary database tables and loading the data and configuring the login-config.xml file. All for the Dukes bank application.

The configuration changes for the login-config.xml file deal with changing the dukesbank policy, which was an optional step in an earlier chapter dealing with security. The login-module is supposed to be changed to DatabaseServerLoginModule. All this, in section 9.1, is accurate.

The problem is that the earlier chapter dealing with security instructs us to create a security-constraint and a security-role for 'bankCustomer', with a lower-case 'b'.

When section 9.1 instructs us to load the security data it indicates a capital letter 'B' for the 'BankCustomer' role. These roles are apparently case-sensitive because the two are not matching up. Thus, you are able to successfully login but you are denied access to the application. The error message you get is:

HTTP Status 403 - Access to the requested resource has been denied