Hi,
I have a very basic question about J2EE security in JBOSS-TOMCAT. I am sure
this
question has been asked many times before, but I have not been able to find
anything
in the archives that directly answers it.
I have a simple web app (primer) with just a jsp component, and no ejb
component. I
am trying to attach security constraints to this web app as per the J2EE
spec.
the web.xml looks like this:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application
2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2.2.dtd'>
<web-app>
<display-name>Primer Web Application</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>primer</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
<role-name>SYSADMIN</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>System Administrators</description>
<role-name>SYSADMIN</role-name>
</security-role>
<security-role>
<description>Firm Administrators</description>
<role-name>ADMIN</role-name>
</security-role>
</web-app>
Now, when I run this web app in tomcat alone (ie no jboss is involved, just
tomcat) it works fine, and the
login page (login.jsp) comes up. But when I run it from jboss either as
standalone, or embedded, the login page
does not come up at all. Instead it goes directly to index.jsp, as if the
security constraints did not get enforced.
I would greatly appreciate it if someone could just tell me what am I doing
wrong here.
I am using JBOSS2.0 Final with Tomcat 3.2
Thanks in advance.
Mike.
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
