2 Replies Latest reply on Sep 1, 2004 9:09 PM by Andreas

    JAAS not picking up <security-constraint>

    Andreas Newbie

      Hi

      I'm trying to secure the admin pages of my applications.
      The problem is that I do not get promted for login/password when using this
      <url-pattern>/ppwebshop/admin/*</url-pattern>
      I do get get promted for login/password when using <url-pattern>/*</url-pattern> though.

      Any ideas?

      An url to secure:
      http://127.0.0.1:8080/ppwebshop/admin/categoryedit.jspa


      <security-constraint>
      <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      security config that only allows users with the role PPShopAdmin to access shop admin pages.
      <url-pattern>/ppwebshop/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>PPShopAdmin</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>PPWebShop Admin</realm-name>
      </login-config>

      <security-role>
      <role-name>PPShopAdmin</role-name>
      </security-role>

        • 1. JAAS not picking up <security-constraint>
          stueccles Newbie

          Hi

          I'm trying to secure the admin pages of my applications.
          The problem is that I do not get promted for login/password when using this
          <url-pattern>/ppwebshop/admin/*</url-pattern>
          I do get get promted for login/password when using <url-pattern>/*</url-pattern> though.

          Any ideas?

          An url to secure:
          http://127.0.0.1:8080/ppwebshop/admin/categoryedit.jspa


          <security-constraint>
          <web-resource-collection>
          <web-resource-name>HtmlAdaptor</web-resource-name>
          security config that only allows users with the role PPShopAdmin to access shop admin pages.
          <url-pattern>/ppwebshop/admin/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>PPShopAdmin</role-name>
          </auth-constraint>
          </security-constraint>

          <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>PPWebShop Admin</realm-name>
          </login-config>

          <security-role>
          <role-name>PPShopAdmin</role-name>
          </security-role>