-
1. Re: Not enforcing roles and security constraints?
jimcpl Jun 10, 2012 1:27 PM (in response to jimcpl)Hi,
I've made some progress. I can now get my test JSP to display roles using isInRole(), corresponding to what I have set in application-roles.properties.
HOWEVER, it looks like JBoss is still not enforcing the security constraint that is in the web.xml, i.e, regardless of whether or not an authenticated user has the correct role, I am still able to access the protected resource.
Is there something else that needs to be enabled in JBoss, i.e., is security enforcement disabled by default?
Thanks,
Jim
-
2. Re: Not enforcing roles and security constraints?
jaikiran Jun 11, 2012 12:29 AM (in response to jimcpl)You'll have to add a security-domain element in jboss-web.xml of your application and point the security-domain that you want to use. The security-domain configurations can be done in the security subsystem of the standalone/domain.xml file.
P.S: I know, this might not be enough information to get you started. But right now I don't have access to the docs or tutorials which might help you with this and I'm in a hurry. So if you still have questions, feel free to ask, someone else might help.