Hi all!
I need to use a Servlet that includes security settings via the @ServletSecurity annotation:
@WebServlet("/SecureServlet")
@ServletSecurity(
value=@HttpConstraint(rolesAllowed = {"admin"}),
httpMethodConstraints={
@HttpMethodConstraint(value="GET",
rolesAllowed="admin"),
@HttpMethodConstraint(value="POST",
rolesAllowed={"admin"})
}
)
public class SecureServlet extends HttpServlet {
. . .
}
The file jboss-web.xml in turn maps a Security Domain that is registered in my configuration.
<jboss-web>
<security-domain>other</security-domain>
</jboss-web>
Now if I try to access the Servlet, the browser returns an error: 403 - Forbidden
I wonder if there are any open issues with this annotation. BTW, I have also tried with the more generic annotation:
@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"}))
But that also does not work. On the other hand, using web.xml the BASIC Auth pop-up displays correctly.
Any idea ?
Thanks
Mylos