[jboss-user] [Security & JAAS/JBoss] - HTTP Status 403 - logging with another role causes error
neglli@gmx.de
do-not-reply at jboss.com
Wed Jan 9 05:55:39 EST 2008
hi evereybody!
we are using different roles in our project: child and parent. for the parents site only parents should have access to the secured pages.
we are using form-based authentication.
when i log in with a user, that is not registered in our db, everything works fine and I am redirected to the login-error-page. when i log in as parent, also everything works fine and i am getting access to the secured page.
but when i log in as child (which is a proper defined role), i a not redirected to the login-error-page..
why? what do i have to change?
the relating passage of web.xml looks like this:
<!-- security -->
<security-constraint>
<display-name>SaferWebSecurity</display-name>
<web-resource-collection>
<web-resource-name>
SecureResource
</web-resource-name>
<url-pattern>/forwardPage.iface</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>P</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
Parent
<role-name>P</role-name>
</security-role>
<security-role>
Child
<role-name>C</role-name>
</security-role>
i'm looking forward for your answers.
cheers stefan
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118198#4118198
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118198
More information about the jboss-user
mailing list