1 Reply Latest reply on Aug 8, 2003 2:30 AM by mengk

    Basic authentication about difference user?

    mengk Newbie

      Hi:
      I refer to the configure file of jmx-console web module(web.xml,jboss-web.xml,users.properties,roles.properties,login-config.xml), I successfully implement admin user access all resources(some .jsp,some servlet).

      But I want to implement the function:
      common user can access a.jsp,b.jsp , yet admin user can access all the .jsp (a.jsp,b.jsp,c.jsp).

      I try it again, Admin user access all .jsp , this is OK, but common user doesn't access a.jsp and b.jsp , it return a 403 error in web page.

      Who can tell me implement the function?

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>

      <welcome-file-list>
      <welcome-file>c.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
      <display-name>Common</display-name>
      <web-resource-collection>
      <web-resource-name>selectinfo</web-resource-name>
      <url-pattern>/a.jsp</url-pattern>
      <url-pattern>/b.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Operator</role-name>
      <role-name>Deployer</role-name>
      </auth-constraint>
      </security-constraint>

      <security-constraint>
      <display-name>Admin</display-name>
      <web-resource-collection>
      <web-resource-name>success</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>Deployer</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>law</realm-name>
      </login-config>

      <security-role>
      <role-name>Deployer</role-name>
      </security-role>

      <security-role>
      <role-name>Operator</role-name>
      </security-role>

      </web-app>

      <jboss-web>
      <context-root>/try</context-root>
      <security-domain>java:/jaas/other</security-domain>
      </jboss-web>

      users.properties:
      common=common
      admin=admin

      roles.properties:
      common=Operator
      admin=Deployer