Indra Gunawan wrote:
Hi all,
First, sorry if this question is too basic and simple... but I have really already given up on this. I have a servlet called TestServlet, and it is mapped to /testservlet.do ... nothing special. Then I add the security constraints needed to protect it ...
<security-constraint>
    <display-name>Secured Area Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Secured Area</web-resource-name>
        <url-pattern>/testservlet.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ROLE_TELLER</role-name>
        <role-name>ROLE_SUPERVISOR</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>HelloWorld</realm-name>
</login-config>

<security-role>
    <role-name>ROLE_SUPERVISOR</role-name>
</security-role>
<security-role>
    <role-name>ROLE_TELLER</role-name>
</security-role>
Hi Indra
If you're using FilterSecurityInterceptor, as you are, you don't need the above quoted sections in web.xml. What's happening is Tomcat is trying to secure the pages, and the logins are failing as username marissa is unknown to Tomcat - it's only known to Acegi Security's filters, which never get executed as Tomcat prevents it.
HTH Ben
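
The conflict described in this reply can be caught by checking a web.xml for container-managed constraints that cover URLs already handled by a filter-based security layer. The following is an added example, not code from the thread or from Acegi Security; the filter name appSecurityFilter, its class, and the sample descriptor are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the thread plus a hypothetical
# filter mapping (filter name and class are placeholders, not from the post).
WEB_XML = """<web-app>
  <filter><filter-name>appSecurityFilter</filter-name>
    <filter-class>example.PlaceholderSecurityFilter</filter-class></filter>
  <filter-mapping><filter-name>appSecurityFilter</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>Secured Area</web-resource-name>
      <url-pattern>/testservlet.do</url-pattern></web-resource-collection>
    <auth-constraint><role-name>ROLE_TELLER</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def find_all(root, name):
    # Compare local names so namespaced (schema-based) descriptors also work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text_of(elem, name):
    return [e.text.strip() for e in find_all(elem, name) if e.text]

def covers(pattern, path):
    """Servlet-style matching: '/prefix/*' (including '/*'), '*.ext', or exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def container_conflicts(xml_text, filter_name):
    """Return constrained URL patterns the container would authenticate
    itself, before the named filter ever sees the request."""
    root = ET.fromstring(xml_text)
    filter_patterns = [p for m in find_all(root, "filter-mapping")
                       if filter_name in text_of(m, "filter-name")
                       for p in text_of(m, "url-pattern")]
    hits = []
    for sc in find_all(root, "security-constraint"):
        if not find_all(sc, "auth-constraint"):
            continue  # no auth-constraint: the container does not demand a login
        for url in text_of(sc, "url-pattern"):
            if any(covers(fp, url) or covers(url, fp) for fp in filter_patterns):
                hits.append(url)
    return hits
```

Any pattern it returns marks a URL where the container's own login (BASIC in the quoted descriptor) runs against the container's user store, so credentials known only to the filter layer are rejected there.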
_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer