It is all restricted content. The whole website contains confidential information:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>Declarative security tests</description>
    <url-pattern>/restricted/*</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>GUARANTEED</transport-guarantee>
  </user-data-constraint>
</security-constraint>
It looks like it has something to do with datasource JNDI binding, as if the first
datasource is the only one to get a user. It does log in correctly, but after that the
page just shows the elements that are not user-dependent.
For example, I have a menu. I have Struts in conjunction with an XML/XSL setup. So the
controller Struts processor executes by passing the request form (action form) to a
class which retrieves XML from business objects. So the menu page loads by getting the
user and, depending on the user, giving back XML:
if (_user.shouldChangePassword()) {
    buffer
        .append(" <menugroup id=\"personal\" menutitle=\"Personal site\">\n")
        .append(" <menuitem>\n")
        .append(" <item_id>login</item_id>\n")
        .append(" <do_auto>true</do_auto>\n")
        .append(" <menu_id>menu1</menu_id>\n")
        .append(" <menu_action>move('userdata.do');</menu_action>\n")
        .append(" <menutitel>")
        .append("Inloggegevens")
        .append("</menutitel>\n")
        .append(" <menuevent>move('userdata.do');</menuevent>\n")
        .append(" </menuitem>\n")
        .append(" </menugroup>\n")
        .append("\n");
} else {
etc.
The menu page also has an XSL, and the action transforms the XML to HTML using this
XSL. The page is then written to the response. In the case of JBoss 3.07, all's well. In
the case of 3.2.x, the first realm to log in is fine; even multiple users on that realm get
their own menus perfectly.
However, when logging in to a second realm (different customer), the menu just shows the
stuff that is not user-dependent.
All is https...
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3837073#3837073
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3837073
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
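
Added example, not part of the original post and not JBoss code: a small audit of the security-constraint quoted above against the rules of the servlet deployment descriptor, where transport-guarantee accepts only NONE, INTEGRAL or CONFIDENTIAL, and a constraint that lists http-method elements applies only to the listed methods. The function name audit_constraints, the finding codes and the web-app wrapper around the sample are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Values the servlet deployment descriptor accepts for <transport-guarantee>.
VALID_GUARANTEES = {"NONE", "INTEGRAL", "CONFIDENTIAL"}

# Constructed sample: the constraint from the post inside a minimal <web-app>.
SAMPLE = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <url-pattern>/restricted/*</url-pattern>
    <http-method>HEAD</http-method><http-method>GET</http-method>
    <http-method>POST</http-method><http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>role1</role-name></auth-constraint>
  <user-data-constraint>
    <transport-guarantee>GUARANTEED</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""


def audit_constraints(web_xml):
    """Return (code, detail) findings for every <security-constraint>."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # tolerate namespaced (newer) descriptors
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for sc in root.iter("security-constraint"):
        for wrc in sc.findall("web-resource-collection"):
            name = (wrc.findtext("web-resource-name") or "?").strip()
            patterns = [p.text.strip() for p in wrc.findall("url-pattern") if p.text]
            methods = [m.text.strip() for m in wrc.findall("http-method") if m.text]
            if methods:  # listed methods narrow the constraint to those methods
                findings.append(("METHODS_ENUMERATED", f"{name}: {','.join(methods)}"))
            if "/*" not in patterns and "/" not in patterns:
                findings.append(("NOT_WHOLE_APP", f"{name}: {','.join(patterns)}"))
        if not sc.findall("auth-constraint/role-name"):
            findings.append(("NO_ROLE_NAME", "auth-constraint missing or lists no role"))
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if tg not in VALID_GUARANTEES:
            findings.append(("BAD_TRANSPORT_GUARANTEE", tg or "(missing)"))
        elif tg != "CONFIDENTIAL":
            findings.append(("NO_CONFIDENTIALITY", tg))
    return findings


if __name__ == "__main__":
    for code, detail in audit_constraints(SAMPLE):
        print(code, detail)
```

NOT_WHOLE_APP is informational: it only matters when, as the post says, the whole site is meant to be restricted and content also lives outside the listed url-pattern.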