1 Reply Latest reply on Nov 1, 2006 1:41 PM by bjornn

Multiple security constraint for multiple roles

jadtn Nov 1, 2006 5:32 AM

Hi,
I have some paths on my web :
http://localhost:8080/administrator/ -> for admin only
http://localhost:8080/menberlogged/ -> for the menber
http://localhost:8080/pub/ ->every body

Il log the user with JAAS, but when i want to access secure page, i m redireect to login page.(administrator with role administrator or menberlogged with role member)

Is a mistake in my web.xml?
Is it right to have 2 security-constraint ?
Thanks for your help

<security-domain>java:/jaas/mySite</security-domain>
<security-constraint>
<web-resource-collection>
<web-resource-name>ResourceAdministrator</web-resource-name>
Declarative security tests
<url-pattern>/administrator/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>ResourceMember</web-resource-name>
Declarative security tests
<url-pattern>/menberlogged/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
</auth-constraint>
<user-data-constraint>
no description
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-role>
Un membre
<role-name>member</role-name>
</security-role>

<security-role>
A les droits de valider in valider une annonce
<role-name>administrator</role-name>
</security-role>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>java:/jaas/mySite</realm-name>
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/index.jsp</form-error-page>
</form-login-config>
</login-config>

1. Re: Multiple security constraint for multiple roles

bjornn Nov 1, 2006 1:41 PM (in response to jadtn)

What is your problem? I did not understand...

It's look like ok for me. You can(maybe should) have multiples securtity constraints for diferent roles...

Are something that doesn't work?

One point: you write "http://localhost:8080/administrator" and probally you want to write "http://localhost:8080/YOUR_WEB_APP_NAME/administrator". Am I right?

I have a working example and I can send it for you if you need.
Actions