3 Replies Latest reply on Jul 7, 2015 2:53 PM by Pierfrancesco Grillo

    Why security constraint in my web.xml does not work?

    Pierfrancesco Grillo Newbie

      i have in standalone.xml in wildfly 9.0.o cr2  this security domain

       

       

      -<security-domain name="MyLoginModule" cache-type="default">

       

       

       

      -<authentication>

       

       

      -<login-module flag="required" code="Database">

       

       

      <module-option name="dsJndiName" value="java:/ds/MyDS"/>

       

       

      <module-option name="principalsQuery" value="Select Password from Principals where PrincipalID=?"/>

       

       

      <module-option name="rolesQuery" value="Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID=?"/>

       

       

      <module-option name="hashAlgorithm" value="MD5"/>

       

       

      <module-option name="hashEncoding" value="HEX"/>

       

       

      </login-module>

       

       

      </authentication>

       

       

      </security-domain>

      --------------------------------------------------

      The authentication to my application is ok. The authorization instead does not work.

       

      This is the part in web.xml for authorization :

       

      <security-constraint>

              <display-name>Vincoli SSN</display-name>

              <web-resource-collection>

                  <web-resource-name>Protette Application Server SSN</web-resource-name>

                  <description>Protette Application Server</description>

                  <url-pattern>/HeartBeatAction.do</url-pattern>

                  <url-pattern>/CU010GestioneApplicationServer.do</url-pattern>

                  <url-pattern>/CU010DettaglioApplicationServer.do</url-pattern>

                  <url-pattern>/CU010AcquisizioneApplicationServer.do</url-pattern>

                  <url-pattern>/CU010ImportazioneApplicationServer.do</url-pattern>

                  <http-method>GET</http-method>

                  <http-method>POST</http-method>

                  <http-method>HEAD</http-method>

                  <http-method>PUT</http-method>

                  <http-method>OPTIONS</http-method>

                  <http-method>TRACE</http-method>

                  <http-method>DELETE</http-method>

              </web-resource-collection>

              <auth-constraint>

                  <description>Amministratore SSN</description>

                  <role-name>Amministratore_sistema_SSN</role-name>

                  </auth-constraint>

              </security-constraint>

       

      I tried with all roles of my databse module but i can access to my actions and jsp pages only if i cut all security constraint from web.xml.

       

      Someone can help me?

       

      Thanks

       

      Pierfrancesco