2 Replies Latest reply on Sep 8, 2011 10:27 AM by thibaultdelor

    Role-name with wildcard doesn't work!

    thibaultdelor

      Hi,

      I've just moved from JBoss 6 to JBoss 7 and I encounter a difficulty. In my web.xml I have this:


                 <security-constraint>
                          <web-resource-collection>
                                    <web-resource-name>All pages</web-resource-name>
                                    <url-pattern>*.xhtml</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                                    <description>All authenticated users</description>
                                    <role-name>*</role-name>
                          </auth-constraint>
                </security-constraint>
      

      Theoretically all xhtml pages are accessible to authenticated users... but no! When I try to log in, I then have a 403 error and the logs say this:


      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) Security checking request GET /MoonJSF/pages/statList.xhtml

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2) We have cached auth type FORM for principal GenericPrincipal[tibo(ADMIN,)]

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking constraint 'SecurityConstraint[All pages]' against GET /pages/statList.xhtml --> true

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling hasUserDataPermission()

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   User data constraint has no restrictions

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling authenticate()

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-2) Already authenticated 'tibo'

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Calling accessControl()

      15:56:05,043 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-2)   Checking roles GenericPrincipal[tibo(ADMIN,)]

      15:56:05,043 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-2)  Failed accessControl() test

      Weird! I am authenticated but I can't access the page!

      Moreover, if I restrict the pages to this user group like this:


                          <auth-constraint>
                                    <description>All authenticated users</description>
                                    <role-name>ADMIN</role-name> <!-- No Wildcard! -->
                          </auth-constraint>
      

       

      Now it works, I can log in and access xhtml pages.

      What's the problem?
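
Added example, not part of the original post and not JBoss or Tomcat code: a small descriptor check that applies the Servlet specification rule that `<role-name>*</role-name>` expands to the roles declared in `<security-role>` elements of the same web.xml. It assumes the container applies that rule strictly and that the application's web.xml declares no `<security-role>` (the post does not show the whole file); the helper names and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def effective_roles(web_xml):
    """Map each constraint name to the roles its auth-constraint really grants.

    Servlet spec rule: role-name "*" expands to the roles declared in
    <security-role> elements of the same descriptor, not "any logged-in user".
    """
    root = ET.fromstring(web_xml)
    declared = {rn.text.strip() for sr in children(root, "security-role")
                for rn in children(sr, "role-name")}
    result = {}
    for sc in children(root, "security-constraint"):
        names = [n.text for wrc in children(sc, "web-resource-collection")
                 for n in children(wrc, "web-resource-name")]
        for ac in children(sc, "auth-constraint"):
            listed = {rn.text.strip() for rn in children(ac, "role-name")}
            roles = (listed - {"*"}) | (declared if "*" in listed else set())
            result[names[0] if names else "?"] = roles
    return result

def is_allowed(web_xml, constraint, user_roles):
    """True when the user holds at least one role the constraint grants."""
    return bool(effective_roles(web_xml)[constraint] & set(user_roles))

# Constructed descriptors: the post's constraint, without and with a role declaration.
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>All pages</web-resource-name>
    <url-pattern>*.xhtml</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>*</role-name></auth-constraint>
</security-constraint>"""
NO_DECL = "<web-app>" + CONSTRAINT + "</web-app>"
WITH_DECL = ("<web-app>" + CONSTRAINT +
             "<security-role><role-name>ADMIN</role-name></security-role></web-app>")

if __name__ == "__main__":
    print(is_allowed(NO_DECL, "All pages", ["ADMIN"]))    # empty expansion: denied
    print(is_allowed(WITH_DECL, "All pages", ["ADMIN"]))  # ADMIN declared: allowed
```

Running the same check over a real web.xml before deployment shows any constraint whose wildcard expands to an empty role set, which is the case where an authenticated user would be refused.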