-
1. Re: <role-name> from web.xml && <module-option name=
starksm64 Nov 4, 2004 9:34 PM (in response to liooil)A 302 return code is a temporary redirect. This is used when using form authentication to redirect you to the login form.
-
2. Re: <role-name> from web.xml && <module-option name=
liooil Nov 8, 2004 9:16 AM (in response to liooil)
I understand that's a redirect redirect because it has been coded in this way in the web.xml file :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/action/authenticationView</form-login-page>
<form-error-page>/action/authenticationProcess</form-error-page>
</form-login-config>
</login-config>
Dynamicly, i can see the process authentication that succeeds :
1 - /action/authenticationProcess identifies properly the client
i.e, my loginContext works well : i get my subject and my principals
2 - /action/authenticationProcess tries a forward to action/menuView
3 - this forward is rejected (our 302 redirect) because this URL is a protected resource (my <security-constraint>)
Maybe the relevant question is how can i map the <role-name> with one of the principals i get from my loginContext ? -
3. Re: <role-name> from web.xml && <module-option name=
starksm64 Nov 8, 2004 12:39 PM (in response to liooil)A redirect only occurs for authentication failures, not authorization. You map the roles to a user using the roles.properties file as discussed in the JAAS Howto in this forum.