0 Replies Latest reply on Mar 27, 2014 5:58 AM by Mylos Kathos

    @ServletSecurity returns HTTP 403 error

    Mylos Kathos Master

      Hi all!

      I need to use a Servlet that includes security settings via the @ServletSecurity annotation:

      @WebServlet("/SecureServlet")

      @ServletSecurity(

        value=@HttpConstraint(rolesAllowed = {"admin"}),

        httpMethodConstraints={

        @HttpMethodConstraint(value="GET",

        rolesAllowed="admin"),

        @HttpMethodConstraint(value="POST",

        rolesAllowed={"admin"})

        }

        )

      public class SecureServlet extends HttpServlet {

      . . .

      }

      The file jboss-web.xml in turn maps a Security Domain that is registered in my configuration.

      <jboss-web>

      <security-domain>other</security-domain>

      </jboss-web>

      Now if I try to access the Servlet, the browser returns an error: 403 - Forbidden

      I wonder if there are any open issues with this annotation. BTW, I have also tried with the more generic annotation:

      @ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"}))

      But that also does not work. On the other hand, using web.xml the BASIC Auth pop-up displays correctly.

      Any idea ?

      Thanks

      Mylos