Problem getting Quickstarts POST binding to work (version 2.1.4)
ndrw_cheung Sep 13, 2012 9:06 AMHi. I'm using PicketLink version 2.1.4, trying to get the QuickStarts "sales-post" example to work with POST binding. The behaviour I have observed using the following configuration is that when I go to http://localhost:8080/TestSP/sales-post, it redirects to the IDP login page. Then when I enter the credentials of the user "sales", the browser goes into an infinite loop. Any pointers to help get this work would be appreciated.
Thanks.
-Andrew
----------------------------
Here is my setup :
IDP : Running on tomcat verison 6.0.35 on port 8180 of my local Windows 7 machine (configuration files will be posted below)
SP : Running on JBoss EPP 5.2.1 on port 8080 locally
I have also turned up logging. The contents of the log are below the configuration files below.
All other files in the IDP and SP are not modified except for the following xml files:
tomcat-users.xml :
<role rolename="Employee"/>
<role rolename="Sales"/>
<role rolename="manager"/>
<user username="manager" password="manager" roles="manager,Employee,Sales" />
<user username="sales" password="sales" roles="Employee,Sales" />
<user username="employee" password="employee" roles="Employee" />
-------------------------------
IDP web.xml :
<?xml version="1.0"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<description>IDP Web Application for the PicketLink project</description>
<display-name>IDP</display-name>
<listener>
<listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>
</listener>
<!-- Define a security constraint that gives unlimted access to images -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Images</web-resource-name>
<url-pattern>/images/*</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>CSS</web-resource-name>
<url-pattern>/css/*</url-pattern>
</web-resource-collection>
</security-constraint>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Manager command</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
<role-name>Sales</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>PicketLink IDP Application</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application in the security constraints above-->
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>Sales</role-name>
</security-role>
</web-app>
------------------------------
IDP picketlink.xml :
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" StrictPostBinding="true">
<IdentityURL>http://localhost:8180/IDP/</IdentityURL>
<Trust>
<Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>
</Trust>
</PicketLinkIDP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
</Handlers>
<!--
The configuration bellow defines a token timeout and a clock skew. Both configurations will be used during the SAML Assertion creation.
This configuration is optional. It is defined only to show you how to set the token timeout and clock skew configuration.
-->
<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" TokenTimeout="5000" ClockSkew="0">
<TokenProviders>
<TokenProvider
ProviderClass="org.picketlink.identity.federation.core.saml.v1.providers.SAML11AssertionTokenProvider"
TokenType="urn:oasis:names:tc:SAML:1.0:assertion"
TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion" />
<TokenProvider
ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider"
TokenType="urn:oasis:names:tc:SAML:2.0:assertion"
TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion" />
</TokenProviders>
</PicketLinkSTS>
</PicketLink>
------------------------------------
IDP context.xml (in the META-INF folder) :
<Context>
<Valve
className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />
<Valve
className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" />
</Context>
------------------------
SP web.xml :
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<description>Just a Test SP for Fedbridge Project</description>
<display-name>Fedbridge Test SALES Application</display-name>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SALES Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>SALES Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Sales</role-name>
</auth-constraint>
</security-constraint>
<!-- Define a security constraint that gives unlimted access to freezone -->
<security-constraint>
<web-resource-collection>
<web-resource-name>freezone</web-resource-name>
<url-pattern>/freezone/*</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>images</web-resource-name>
<url-pattern>/images/*</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>css</web-resource-name>
<url-pattern>/css/*</url-pattern>
</web-resource-collection>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Tomcat SALES Application</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>The role that is required to log in to this Application</description>
<role-name>manager</role-name>
</security-role>
<security-role>
<description>The role that is required to log in to this Application</description>
<role-name>Sales</role-name>
</security-role>
</web-app>
-------------------
SP picketlink.xml :
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0"
BindingType="POST">
<IdentityURL>http://localhost:8180/IDP/</IdentityURL>
<ServiceURL>http://localhost:8080/TestSP/sales-post</ServiceURL>
</PicketLinkSP>
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
</Handlers>
</PicketLink>
--------------------------
SP jboss-web.xml :
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>sp</security-domain>
<context-root>TestSP/sales-post</context-root>
</jboss-web>
-------------------------
SP context.xml (in the WEB-INF folder):
<Context>
<Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"
/>
</Context>
-------------------------
Logs: server.log for tomcat :
2012-09-12 08:06:16,758 INFO [org.picketlink.identity.federation] (main) Using logger implementation: org.picketlink.identity.federation.DefaultPicketLinkLogger
2012-09-12 08:06:16,866 WARN [org.picketlink.identity.federation] (main) Security Token registry option not specified: Issued Tokens will not be persisted!
2012-09-12 08:06:16,868 DEBUG [org.picketlink.identity.federation] (main) Revocation registry option not specified: cancelled ids will not be persisted!
2012-09-12 08:06:16,872 WARN [org.picketlink.identity.federation] (main) Security Token registry option not specified: Issued Tokens will not be persisted!
2012-09-12 08:06:16,873 DEBUG [org.picketlink.identity.federation] (main) Revocation registry option not specified: cancelled ids will not be persisted!
2012-09-12 08:06:28,377 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST
SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF8zMTVkNDVhOS02NTUwLTRhZDctYTk0Zi04NTY1ZTYwNDdkNzIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjoyOC4yNjNaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=
SAMLResponse=null
true
2012-09-12 08:06:29,131 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET
SAMLRequest=null
SAMLResponse=null
true
2012-09-12 08:06:29,135 DEBUG [org.picketlink.identity.federation] (http-8180-2) SP Sent::Method = GET
SAMLRequest=null
SAMLResponse=null
true
2012-09-12 08:06:29,174 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET
SAMLRequest=null
SAMLResponse=null
true
2012-09-12 08:06:34,152 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST
SAMLRequest=null
SAMLResponse=null
true
2012-09-12 08:06:34,185 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET
SAMLRequest=null
SAMLResponse=null
true
2012-09-12 08:06:34,365 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c
2012-09-12 08:06:34,445 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST
SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF8xODliYTUwMS1lNGUxLTQyNzAtYjlhZS01NmU3ZmViZThkZTciIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC40MTlaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=
SAMLResponse=null
true
2012-09-12 08:06:34,466 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c
2012-09-12 08:06:34,521 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST
SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF9lN2U3MjUzMi1lMTFjLTQzYjgtYTZkZS00ZTFmMDcyOTBkZDIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC41MDNaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=
SAMLResponse=null
true
2012-09-12 08:06:34,558 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c
2012-09-12 08:06:34,612 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST
SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF84ZjBhN2M3NS0xZDc2LTQzZTUtOGU4MS0yZTNjNDk2N2M4MTIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC41OTJaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=
SAMLResponse=null
true
-----------------------
catalina.log for tomcat :
Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false
Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true
Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false
Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true
Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /css/idp.css --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /css/idp.css --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/picketlink-banner-1180px.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /images/picketlink-banner-1180px.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /css/idp.css --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/picketlink-banner-1180px.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /css/idp.css --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /images/picketlink-banner-1180px.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Checking roles null
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Checking roles null
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Passing all access
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Passing all access
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/rh_bg.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /images/rh_bg.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/rh_bg.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /images/rh_bg.png --> true
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Checking roles null
Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Passing all access
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /index.jsp --> false
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /index.jsp --> true
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against GET /index.jsp --> false
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against GET /index.jsp --> true
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Checking roles GenericPrincipal[sales(Employee,Sales,)]
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: No role found: manager
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission
FINE: Role found: Sales
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false
Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true
...and the same content above goes on and on.