Hi Mario,
So in your example application I have added a security-constraint on
the configurator application and there is a null pointer exception
when trying to access the restricted area.
Please add the following section to your web.xml file (at the very
end, just before </web-app>). Then start the application and click on
the "A PC Konfigurator" link.
<security-constraint>
<display-name>Orchestra example security</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/configurator/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>orchestra_user</role-name>
</auth-constraint>
<!--
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>-->
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/start.faces</form-login-page>
<form-error-page>/start.faces</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>orchestra_user</role-name>
</security-role>
