2 Replies Latest reply on Feb 27, 2012 11:34 AM by japochino1

    How to implement access control with security in JBoss AS 7?

    japochino1

      Hello

      I'm working on a Java EE 6 app and I would like to use security for managing access control (login, authorization, etc...).

      I have a relational database with a user table, and one of the fields is a foreign key containing the user's role (matching the roles defined later).

      I almost have it but I need a little help.

      I have a login form to authenticate the user when a protected resource is requested.

      This is my web.xml:

       

          <security-constraint>
              <web-resource-collection>
                  <web-resource-name>Areas protegidas</web-resource-name>
                  <url-pattern>/pagina.jsf</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                  <role-name>gestor</role-name>
              </auth-constraint>
          </security-constraint>


          <security-role>
              <description>rol gestor que tendrá acceso total</description>
              <role-name>gestor</role-name>
          </security-role>
          <security-role>
              <description>rol  que permite acceso únicamente consultivo</description>
              <role-name>ojeador</role-name>
          </security-role>

       

          <login-config>
              <auth-method>FORM</auth-method>
              <form-login-config>
                  <form-login-page>/index.jsf</form-login-page>
                  <form-error-page>/errorLogin.xhtml</form-error-page>
              </form-login-config>
          </login-config>

       

      When I request the protected page I am correctly redirected to the login (index.jsf), but when I log in and request the protected page I am redirected to the login again, because I suppose I have to tell the server that the logged-in user corresponds to the role gestor or ojeador. This is what I don't know how to do.

      Any help?

      Thanks so much
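
One way to tie the authenticated user to the `gestor` / `ojeador` roles from the question's web.xml, added here as an illustration and not part of the original post: a JBoss AS 7 security domain backed by the `Database` login module, referenced from the application's `jboss-web.xml`. The domain name, datasource JNDI name, and table and column names are assumptions and must be adapted to the real schema.

```xml
<!-- Fragment 1: standalone.xml, inside the security subsystem's <security-domains>.
     "app-domain" is a hypothetical name. -->
<security-domain name="app-domain" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <!-- Hypothetical datasource; it must already be defined in the datasources subsystem. -->
            <module-option name="dsJndiName" value="java:jboss/datasources/AppDS"/>
            <!-- Must return exactly one column: the stored password for the given user name.
                 Table and column names here are assumed. -->
            <module-option name="principalsQuery"
                           value="SELECT password FROM users WHERE username = ?"/>
            <!-- Must return two columns: the role name and the literal role group 'Roles'.
                 The join follows the foreign key from the user table to an assumed roles table;
                 the role names returned must be exactly 'gestor' or 'ojeador' to match web.xml. -->
            <module-option name="rolesQuery"
                           value="SELECT r.name, 'Roles' FROM users u JOIN roles r ON u.role_id = r.id WHERE u.username = ?"/>
            <!-- Assumes the password column holds base64-encoded SHA-256 digests.
                 These two options must match how the column is actually populated;
                 without them the module compares plain-text passwords. -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

<!-- Fragment 2: WEB-INF/jboss-web.xml in the application.
     Binds the web.xml constraints to the domain above. -->
<jboss-web>
    <security-domain>app-domain</security-domain>
</jboss-web>

<!-- With <auth-method>FORM</auth-method>, the container only authenticates a login
     that is POSTed to the j_security_check action with the fields j_username and
     j_password (Servlet specification). A form handled by a JSF backing bean does
     not establish the container's authenticated principal by itself. -->
```

A user whose `rolesQuery` result is empty, or whose role name differs from the `<role-name>` in the constraint (including case), authenticates successfully but is still denied the protected page.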