I'm attempting to move a small application from JBoss to
Glassfish-v2-b28. But I seem to be having a small (i hope) issue with
configuring JDBCRealm in my application. I think I'm close but I could
use a hint to get the rest of the way.
Using the admin console I added a jdbc realm setting the necessary
properties. I added a few entries to my war archive (part of an ear) so
the application would look to the jdbc-realm for its form login. When I
run the application the server refers me to the login page as expected.
When I attempt to login the server logs (set to FINEST on security)
indicate a successful login. Also, I see messages in the logs which seem
to indicate that the server can see the roles associated with my login.
However, after leaving the login page I get an:
Access to the requested resource has been denied
for the index.jsp file and the logs indicate that 'result was (false)
permission' for index.jsp.
Could someone offer a hint on what I might do next to trouble shoot this
issue?
Below is a snipped of my web.xml file:
<!-- Authentication -->
<security-constraint>
<display-name>DefaultSecurityConstraintForThisApplication</display-name>
<web-resource-collection>
<web-resource-name>restricted</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/pages</url-pattern>
<url-pattern>/pages/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>Admin</role-name>
<role-name>employee</role-name>
<role-name>manager</role-name>
<role-name>quality</role-name>
<role-name>supervisor</role-name>
<role-name>syadmin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>employee</role-name>
</security-role>
<security-role>
<role-name>manager</role-name>
</security-role>
<security-role>
<role-name>quality</role-name>
</security-role>
<security-role>
<role-name>supervisor</role-name>
</security-role>
<security-role>
<role-name>syadmin</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbc-realm</realm-name>
<form-login-config>
<form-login-page>/auth.jsp</form-login-page>
<form-error-page>/autherror.jsp</form-error-page>
</form-login-config>
</login-config>
Dennis