1 Reply Latest reply on Nov 1, 2006 1:41 PM by Bjornn Faria

    Multiple security constraint for multiple roles

    Adrien Adrien Apprentice

      Hi,
      I have some paths on my web :
      http://localhost:8080/administrator/ -> for admin only
      http://localhost:8080/menberlogged/ -> for the menber
      http://localhost:8080/pub/ ->every body


      Il log the user with JAAS, but when i want to access secure page, i m redireect to login page.(administrator with role administrator or menberlogged with role member)

      Is a mistake in my web.xml?
      Is it right to have 2 security-constraint ?
      Thanks for your help

      <security-domain>java:/jaas/mySite</security-domain>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>ResourceAdministrator</web-resource-name>
      Declarative security tests
      <url-pattern>/administrator/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>administrator</role-name>
      </auth-constraint>
      <user-data-constraint>
      no description
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>


      <security-constraint>
      <web-resource-collection>
      <web-resource-name>ResourceMember</web-resource-name>
      Declarative security tests
      <url-pattern>/menberlogged/*</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>member</role-name>
      </auth-constraint>
      <user-data-constraint>
      no description
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>


      <security-role>
      Un membre
      <role-name>member</role-name>
      </security-role>

      <security-role>
      A les droits de valider in valider une annonce
      <role-name>administrator</role-name>
      </security-role>


      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>java:/jaas/mySite</realm-name><!-- lorizon est le nom dans server conf login config -->
      <form-login-config>
      <form-login-page>/index.jsp</form-login-page><!-- //path to login page-->
      <form-error-page>/index.jsp</form-error-page><!-- //path in case login fails -->
      </form-login-config>
      </login-config>