Sorry for posting to dev-list. Unintentionally.... Monday, June 10, 2002, 11:56:54 AM, you wrote:
AL> Hi, AL> I have problems with defining security constraints in web.xml. I AL> defined two roles. For each role I defined its own security-constraint. AL> But only the first defined constraint works properly. It seems like the constraint AL> for the second role is omitted. And accessing restricted urls with the AL> second role results in "Access to requested resource has been denied". AL> If I change the order of security-constraint elements in web.xml then AL> other role is authenticated/authorized properly. AL> Has anyone experienced such a problem? What do I do wrong? AL> TIA, AL> alex AL> Environment: JBoss-3.1.0alpha/Tomcat-4.0.2, Win2000, JDK-1.4 AL> Here is the security constraints: AL> <security-constraint> AL> <web-resource-collection> AL> <web-resource-name>MTCatalog Admin</web-resource-name> AL> <description>admin constraint</description> AL> <url-pattern>/*</url-pattern> AL> <http-method>HEAD</http-method> AL> <http-method>GET</http-method> AL> <http-method>POST</http-method> AL> <http-method>PUT</http-method> AL> <http-method>DELETE</http-method> AL> </web-resource-collection> AL> <auth-constraint> AL> <role-name>Admin</role-name> AL> </auth-constraint> AL> <user-data-constraint> AL> <description>no description</description> AL> <transport-guarantee>NONE</transport-guarantee> AL> </user-data-constraint> AL> </security-constraint> AL> <security-constraint> AL> <web-resource-collection> AL> <web-resource-name>MTCatalog ResourceOwner</web-resource-name> AL> <description>owner constraint</description> AL> <url-pattern>/*</url-pattern> AL> <http-method>HEAD</http-method> AL> <http-method>GET</http-method> AL> <http-method>POST</http-method> AL> <http-method>PUT</http-method> AL> <http-method>DELETE</http-method> AL> </web-resource-collection> AL> <auth-constraint> AL> <role-name>ResourceOwner</role-name> AL> </auth-constraint> AL> <user-data-constraint> AL> <description>no description</description> AL> <transport-guarantee>NONE</transport-guarantee> AL> </user-data-constraint> AL> </security-constraint> -- Best regards, Alex Loubyansky _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development