Iam using the JDeveloper and JBoss to develop my web application using JSF. And the data is retrieved from the database(Oracle). I have implemented the DatabaseServerLoginModule for Authorization and Authentication. Here is code I have in the backingbean method of the Login button.
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal user = new SimplePrincipal(j_username.getValue().toString());
LoginContext loginContext =
new LoginContext("testDB", (CallbackHandler)handler);
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
When I print the principals it is giving me the correct details from the database. The Authentication is working perfectly. I'm confused how to go from here for the authorization part. I have declared the page-level security in the web.xml and it is not working (no exceptions thrown). Role name with 'user' is able to access the pages under /admin folder.
Content of web.xml related to authorization-
Please advise me how to do the authorization part from here.
Thanks In Advance.