<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi all,<br>
<br>
I have a web application with Keycloak. When a user has to log in, this user gets the rights to see the following pages or not. When this user logs out and another user logs in with other rights to see the following pages or not, he gets the same rights
as the first user that logged in. <br>
In the example I log in with support and can only see the support page in the application. When I log out and log in with admin, I can only see the support page and not the admin page, even though I have the admin role. When I restart the server and first log
in as admin, I can see the admin and the support page. When I log out and now log in with support, I have the support role, but nevertheless I can see the admin and support page.<br>
<br>
Is there any mistake in the web.xml file? (following):<br>
<br>
<pre>
&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0"&gt;

    &lt;module-name&gt;TestWebApp&lt;/module-name&gt;

    &lt;security-constraint&gt;
        &lt;web-resource-collection&gt;
            &lt;web-resource-name&gt;Admins&lt;/web-resource-name&gt;
            &lt;url-pattern&gt;/views/admin/*&lt;/url-pattern&gt;
        &lt;/web-resource-collection&gt;
        &lt;auth-constraint&gt;
            &lt;role-name&gt;admin&lt;/role-name&gt;
        &lt;/auth-constraint&gt;
    &lt;/security-constraint&gt;
    &lt;security-constraint&gt;
        &lt;web-resource-collection&gt;
            &lt;web-resource-name&gt;Support&lt;/web-resource-name&gt;
            &lt;url-pattern&gt;/views/support/*&lt;/url-pattern&gt;
        &lt;/web-resource-collection&gt;
        &lt;auth-constraint&gt;
            &lt;role-name&gt;admin&lt;/role-name&gt;
            &lt;role-name&gt;support&lt;/role-name&gt;
        &lt;/auth-constraint&gt;
    &lt;/security-constraint&gt;

    &lt;login-config&gt;
        &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;
        &lt;realm-name&gt;test&lt;/realm-name&gt;
    &lt;/login-config&gt;

    &lt;security-role&gt;
        &lt;role-name&gt;admin&lt;/role-name&gt;
    &lt;/security-role&gt;
    &lt;security-role&gt;
        &lt;role-name&gt;support&lt;/role-name&gt;
    &lt;/security-role&gt;

&lt;/web-app&gt;
</pre>
</div>
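Added example, not part of the original post: a Python model of how a Servlet container evaluates the two security-constraint blocks above, for checking what the web.xml itself declares for each role independently of the running server. It assumes exact and path-prefix URL patterns only and ignores http-method elements and the `*` role; the function names are chosen for this example and the embedded XML is a constructed reduction of the posted file.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the two constraints from the post, reduced to the relevant elements.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/views/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/views/support/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name><role-name>support</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return a list of (url_pattern, roles); roles is None when there is no auth-constraint."""
    out = []
    for sc in ET.fromstring(xml_text).findall("j:security-constraint", NS):
        auth = sc.find("j:auth-constraint", NS)
        roles = None if auth is None else {r.text.strip() for r in auth.findall("j:role-name", NS)}
        for pat in sc.findall("j:web-resource-collection/j:url-pattern", NS):
            out.append((pat.text.strip(), roles))
    return out

def specificity(pattern, path):
    """Rank a match: exact beats path-prefix, longer prefix beats shorter; -1 means no match."""
    if pattern == path:
        return 10_000
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return len(prefix)
    return -1

def allowed(constraints, path, user_roles):
    """True if a caller holding user_roles may request path under the declared constraints."""
    ranked = [(specificity(p, path), roles) for p, roles in constraints]
    best = max((s for s, _ in ranked), default=-1)
    if best == -1:
        return True  # no constraint covers this path: the container does not protect it
    matching = [roles for s, roles in ranked if s == best]
    if any(roles is not None and not roles for roles in matching):
        return False  # an empty auth-constraint denies everyone
    if any(roles is None for roles in matching):
        return True  # a constraint without auth-constraint leaves access open
    return any(set(user_roles) & roles for roles in matching)
```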
</body>
</html>