5 Replies Latest reply on Aug 17, 2005 5:52 AM by Mohamed Fathy

    New to security in JBoss

    Mohamed Fathy Newbie

      Hi all

      I defined a securtiy constraint in the web.xml file that looks like that

      <security-constraint>
      <web-resource-collection>
      <url-pattern>/timesheet/controllers/timesheets/*</url-pattern>
      <url-pattern>/Timesheets/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>employee</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      also I am using the "other" security Realm
      with the files

      "users.properties" that looks like the following

      employee=employee
      project manager=project manager
      operation manager=operation manager
      resource manager=resource manager
      manager=manager

      and "roles.properties" that looks like the following

      employee=employee
      project manager=project manager
      operation manager=operation manager
      resource manager=resource manager
      manager=manager

      so from my little knowledge the user employee has password employee and the role employee and /Timesheets/* pattern requires role employee

      my welcome index file redirects to /Timesheets/Timesheets.do
      when I open the timesheet application the index file redirects to Timesheets/Timesheets.do so he asks for login and preview to me the login-form.jsp I enter usernae: employee and password: employee

      and here is the problem I excpected to log me in to the timesheets page but instead I have this error page

      HTTP Status 403 - User is not authorized to access action /Timesheets/Timesheets
      type Status report
      message User is not authorized to access action /Timesheets/Timesheets
      description Access to the specified resource (User is not authorized to access action /Timesheets/Timesheets) has been forbidden.
      Apache Tomcat/5.0.28

      can any one tell me what is the problem

      Sorry for the long Post

      yours,
      Mohamed Fthay