Not sure if this belongs in security or JMX & Management but since it is security related, I'm going to say it should be here. Please let me know if I have to move the question. Onto the real stuff:
I have secured the jmx-console using FORM based authentication with a CONFIDENTIAL transport-guarantee. I would like to do the same thing with the web-console and have the following in my web.xml.
<security-constraint> . . <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/login-error.html</form-error-page> </form-login-config> <login-config>
My problem comes in when I attempt to login into the web-console. Since the web-console is two frames, the login page appears in both frames. I can login to one, hit back and then go back into the console but that is a pain in the butt and could be confusing for future users. Does anyone have a way I can modify either the security setup or something in the web-console deployment to make the login.html page appears as one page and upon successful login, move to the two fram web-console? Thanks.