0 Replies Latest reply on Aug 31, 2004 5:32 AM by roberto roberto

    security constraint problem

    roberto roberto Novice

      i have a problem with security constraint...

      in the web-xml i have:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>everyone</role-name>
      </auth-constraint>
      </security-constraint>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>allAdmin</web-resource-name>
      <url-pattern>/WebLogHelper.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>sysadm</role-name>
      </auth-constraint>
      </security-constraint>

      what that i want is that webloghelper.jsp is usable only from sysadm role and all the other from everyone role.

      in the roles.properties i have...


      USERA=everyone,sysadm
      USERB=everyone

      so USERB could not access to webloghelper.jsp, instead USERA can do it..

      but...

      ALL users can access the webloghelper.jsp resource!
      Why?

      Using Websphere this works!

      i'm using jboss 3.2.3

      thank you!