Hi all,
I have a web-application with keycloak. When a user have to log in this user becomes the rights to see the following pages or not. When this user loggs out an a other user loggs in with other rights to see the following pages or not, he becomes the same rights
as the first user that logged in.
In the example i log in with support and just can see the support page in the application, when i logg out an log in with admin i just can see the support page and not the admin page, even though i have the admin role. When i restart the server and first log
in as admin i can see the admin- and the support page. When i log out and now log in with support i have the support rule, but nevertheless i can see the admin- and support page.
Is there any mistake in int web.xml file ? (following):
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns=
"http://java.sun.com/xml/ns/javaee"
xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xml"
version="3.0">
<module-name>TestWebApp</module-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admins</web-resource-name>
<url-pattern>/views/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Support</web-resource-name>
<url-pattern>/views/support/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>support</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>test</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>support</role-name>
</security-role>
</web-app>