Of course I can:
| <security-constraint> | <display-name>My Security Constraint</display-name> | <web-resource-collection> | <web-resource-name>Protected Area</web-resource-name> | <!-- Define the context-relative URL(s) to be protected --> | <url-pattern>/view/*</url-pattern> | <url-pattern>/documentation/*</url-pattern> | <url-pattern>/control/*</url-pattern> | | <!-- If you list http methods, only those methods are protected --> | <http-method>DELETE</http-method> | <http-method>GET</http-method> | <http-method>POST</http-method> | <http-method>PUT</http-method> | </web-resource-collection> | <auth-constraint> | <!-- Anyone with one of the listed roles may access this area --> | <role-name>Administrators</role-name> | <role-name>Route Managers</role-name> | </auth-constraint> | About the second question, I know that the login module has a public Group[] getRoleSets() function, but I think it is not being called, according to the logs. Thank you for your response, Pablo J. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060253#4060253 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060253 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
