i have a problem with security constraint...
in the web-xml i have:
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allAdmin</web-resource-name>
<url-pattern>/WebLogHelper.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sysadm</role-name>
</auth-constraint>
</security-constraint>
what that i want is that webloghelper.jsp is usable only from sysadm role and all the
other from everyone role.
in the roles.properties i have...
USERA=everyone,sysadm
USERB=everyone
so USERB could not access to webloghelper.jsp, instead USERA can do it..
but...
ALL users can access the webloghelper.jsp resource!
Why?
Using Websphere this works!
i'm using jboss 3.2.3
thank you!
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3846725#3846725
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3846725
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
