Hello All,
I've a strange problem using the form login coupled with JDBCRealm.
This the web.xml I'm using
<web-app>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>An administrator</description>
<role-name>manager</role-name>
</security-role>
</web-app>
The strange behaveur is that if I logon using a completely wrong user
(either user or password invalid) I get redirected to the error.jsp page
but if I type in a user that has not the "manager" role I get redirected
to the originally requested page (/protected/index.jsp) but then get a
403 error (Access denied)
Can't get to solve this...
Thank you
Simone
-------------------------
Simone Chiaretta
<http://www.piyosailing.com/S> www.piyosailing.com/S
Any sufficiently advanced technology is indistinguishable from magic
"Life is short, play hard"
