Role-name with wildcard doesn't work!
thibaultdelor Sep 8, 2011 10:16 AM
Hi,
I've just moved from JBoss 6 to JBoss 7 and I encountered a difficulty. In my web.xml I have this:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All pages</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>All authenticated users</description>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
Theoretically all xhtml pages are accessible to authenticated users... but no! When I try to log in, I then have a 403 error and the logs say this:
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Security checking request GET /MoonJSF/pages/statList.xhtml
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) We have cached auth type FORM for principal GenericPrincipal[tibo(ADMIN,)]
15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2) Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true
15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2) Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true
15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2) Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Calling hasUserDataPermission()
15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2) User data constraint has no restrictions
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Calling authenticate()
15:56:05,043 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-2) Already authenticated 'tibo'
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Calling accessControl()
15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2) Checking roles GenericPrincipal[tibo(ADMIN,)]
15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Failed accessControl() test
Weird! I am authenticated but I can't access the page!
Moreover, if I restrict the pages to this user group like this:
<auth-constraint>
    <description>All authenticated users</description>
    <role-name>ADMIN</role-name> <!-- No Wildcard! -->
</auth-constraint>
Now it works, I can log in and access xhtml pages.
What's the problem?