Hello
I'm working in a java ee 6 app and I would like to use security form managing the control access (login, autorization, etc...)
I have a realtional database with a user table and one of the fields is an foreign key contaning the user's role (matching with the roles defined later)
I almost have it but I need a little help.
I have a login form to autentificate user when request a protected resource.
This is my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Areas protegidas</web-resource-name>
<url-pattern>/pagina.jsf</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>gestor</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>rol gestor que tendrá acceso total</description>
<role-name>gestor</role-name>
</security-role>
<security-role>
<description>rol que permite acceso únicamente consultivo</description>
<role-name>ojeador</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/index.jsf</form-login-page>
<form-error-page>/errorLogin.xhtml</form-error-page>
</form-login-config>
</login-config>
When I request the protected page I am correctly redirect to the login (index.jsf), but when I do the login and request the protected page I am redirect to the login again because I supose I have to tell the server that the logged user correspond to the role gesto or ojeador. This is what I don't know how to do.
Any help?
Thanks so much