Hi,
I have some paths on my web site:
http://localhost:8080/administrator/  -> for admin only
http://localhost:8080/menberlogged/ -> for members
http://localhost:8080/pub/ -> everybody


I log the user in with JAAS, but when I want to access a secure page, I am redirected 
to the login page (administrator with role administrator, or menberlogged with role 
member).

Is there a mistake in my web.xml? 
Is it right to have 2 security-constraint elements?
Thanks for your help

<!-- JAAS security domain the web application authenticates against.
     NOTE(review): security-domain is a jboss-web.xml element (a child of
     jboss-web), not part of the web.xml schema. Confirm this line lives in
     WEB-INF/jboss-web.xml and not in web.xml. -->
<security-domain>java:/jaas/mySite</security-domain>
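<!--
  Restricts everything under /administrator/ to callers that hold the
  "administrator" role.
-->
<security-constraint>
        <web-resource-collection>
                <web-resource-name>ResourceAdministrator</web-resource-name>
                <description>Declarative security tests</description>
                <url-pattern>/administrator/*</url-pattern>
                <!--
                  No http-method elements on purpose. A constraint that lists
                  methods applies only to the listed ones, so a request made
                  with any other method (OPTIONS, TRACE, ...) would reach the
                  same URLs without the role check. With no method listed,
                  the constraint covers every HTTP method.
                -->
        </web-resource-collection>
        <auth-constraint>
                <role-name>administrator</role-name>
        </auth-constraint>
        <user-data-constraint>
                <description>no description</description>
                <!--
                  NONE permits plain HTTP, so the FORM login credentials and
                  the session cookie for this area travel unencrypted.
                  Switch to CONFIDENTIAL once the server has an HTTPS
                  connector configured.
                -->
                <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
</security-constraint>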


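<!--
  Restricts everything under /menberlogged/ to callers that hold the
  "member" role. A deployment descriptor may contain several
  security-constraint elements, one per protected area.
-->
<security-constraint>
        <web-resource-collection>
                <web-resource-name>ResourceMember</web-resource-name>
                <description>Declarative security tests</description>
                <url-pattern>/menberlogged/*</url-pattern>
                <!--
                  No http-method elements on purpose. A constraint that lists
                  methods applies only to the listed ones, so a request made
                  with any other method (OPTIONS, TRACE, ...) would reach the
                  same URLs without the role check. With no method listed,
                  the constraint covers every HTTP method.
                -->
        </web-resource-collection>
        <auth-constraint>
                <role-name>member</role-name>
        </auth-constraint>
        <user-data-constraint>
                <description>no description</description>
                <!--
                  NONE permits plain HTTP, so the FORM login credentials and
                  the session cookie for this area travel unencrypted.
                  Switch to CONFIDENTIAL once the server has an HTTPS
                  connector configured.
                -->
                <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
</security-constraint>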


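<!--
  Declares the "member" role named in an auth-constraint of this descriptor.
  The description text is French for "a member".
-->
<security-role>
        <description>Un membre</description>
        <role-name>member</role-name>
</security-role>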

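<!--
  Declares the "administrator" role named in an auth-constraint of this
  descriptor. The French description reads roughly "has the right to
  validate or invalidate a listing".
-->
<security-role>
        <description>A les droits de valider in valider une annonce</description>
        <role-name>administrator</role-name>
</security-role>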


<!--
  Container-managed FORM login. /index.jsp serves both as the login page and
  as the page shown after a failed login.

  NOTE(review): with FORM, the container normally treats a caller as
  authenticated only after the login form posts j_username and j_password to
  j_security_check. A JAAS login performed by application code does not by
  itself satisfy the auth-constraint checks, which would explain being sent
  back to the login page. Confirm how /index.jsp submits the credentials.
-->
<login-config>
        <auth-method>FORM</auth-method>
        <!-- lorizon is the name in the server conf login-config -->
        <!-- NOTE(review): realm-name is defined for HTTP BASIC and is
             presumably unused with FORM; confirm. -->
        <realm-name>java:/jaas/mySite</realm-name>
        <form-login-config>
                <!-- path to the login page -->
                <form-login-page>/index.jsp</form-login-page>
                <!-- path used when login fails -->
                <form-error-page>/index.jsp</form-error-page>
        </form-login-config>
</login-config>
