users@glassfish.java.net

The roles does't work !

From: Dyego Souza Dantas Leal <dyego.leal_at_gmail.com>
Date: Thu, 25 May 2006 10:13:46 -0300
In my application , I added the JDBC Authentication... and this is VERY GOOD, see !!!



[#|2006-05-25T10:07:46.604-0300|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;|JDBC authenticating: jose|#]
[#|2006-05-25T10:07:47.696-0300|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;|User validity:true|#]
[#|2006-05-25T10:07:47.704-0300|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;|JDBC Groups:[Administradores, Usuarios Gerais, Localizadores, Relatorios] for user:jose|#]
[#|2006-05-25T10:07:47.705-0300|INFO|sun-appserver-pe9.1|javax.enterprise.system.core.security|_ThreadID=11;_ThreadName=httpWorkerThread-8080-0;|JDBC login succeeded for: jose groups:[Ljava.lang.String;@187b796|#]



In my Web.xml the code is:


    <security-constraint>
        <display-name>Security Test</display-name>
        <web-resource-collection>
            <web-resource-name>Administradores</web-resource-name>
            <url-pattern>/faces/welcomeJSF.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Administradores</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <description>The Administrator Role</description>       
        <role-name>Administradores</role-name>
    </security-role>   



The authtentication works fine , but , if i access the /faces/welcomeJSF.jsp and send the correct login and password , the GlassFish prints:


HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Sun Java System Application Server Platform Edition 9.1




But , the Administradores rule can be access the page !!!! this is a bug ?





-- 



-------------------------------------------------------------------------
++  Dyego Souza Dantas Leal   ++           Dep. Desenvolvimento   -------------------------------------------------------------------------
               E S C R I B A   I N F O R M A T I C A
        ***        http://javacoffe.blogspot.com        ***
-------------------------------------------------------------------------
The only stupid question is the unasked one (somewhere in Linux's HowTo)
Linux registred user : #230601
--                                        ICQ   : 1647350
$ look into "my eyes"                     Phone : +55 041 2106-1212    

look: cannot open my eyes                 Fax   : +55 041 3296-6640     -------------------------------------------------------------------------
             Reply: dyego@escriba.com.br
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.