2 Replies Latest reply on Sep 8, 2011 10:27 AM by Thibault Delor

    Role-name with wildcard doesn't work!

    Thibault Delor Newbie

      Hi,

      I've just moved from jboss6 to jboss 7 and I encouter a difficulty. In my web.xml I have that :

       

       

                 <security-constraint>
                          <web-resource-collection>
                                    <web-resource-name>All pages</web-resource-name>
                                    <url-pattern>*.xhtml</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                                    <description>All authenticated users</description>
                                    <role-name>*</role-name>
                          </auth-constraint>
                </security-constraint>
      

      Theorically all xhtml page are accesible to authenticated user... but no! When I try to log in, I the have a 403 error and the logs says that :

       

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Security checking request GET /MoonJSF/pages/statList.xhtml

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) We have cached auth type FORM for principal GenericPrincipal[tibo(ADMIN,)]

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling hasUserDataPermission()

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   User data constraint has no restrictions

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling authenticate()

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-2) Already authenticated 'tibo'

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling accessControl()

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking roles GenericPrincipal[tibo(ADMIN,)]

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Failed accessControl() test

      Weird! I am authenticated but I can't access the page!

      Moreover if I restrict the pages to this user group like that :

       

       

                          <auth-constraint>
                                    <description>All authenticated users</description>
                                    <role-name>ADMIN</role-name> <!-- No Wildcard! -->
                          </auth-constraint>
      

       

      Now It works, I can login and acces xhtml pages?

      What the problem?