Hi Wolfram,
sorry for the delayed reply. I just had enough of bug searching so I started
a new web app just with jsp and jsf. And I did make the changes that you
suggested in my web.xml. My web.xml now looks like this:
<security-constraint>
<display-name>TestApp Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/secure.faces</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
This app DOES WORK on the same Glassfish server. The page is secured by
HTTPS. I tried secure.jsp and secure.faces. Both alternatives work. The
HTTPS secured website also works with JSF tags (usually one faces the
"FacesContext not found" exception).
However, the same web.xml contraints do not work in my other webapp. I'm
using myfaces and Acegi security in my other webapp where the constreaint
does not work. I kicked out Acegi for a test but the HTTP 403 still remains.
So I have some more tracking to do to find out who's responsible for this
error. I'm going to let you know, as soon as I found it.
Thanks again for your help!
Cheers,
Joerg
----- Original Message -----
From: "Wolfram Rittmeyer" <w.rittmeyer_at_jsptutorial.org>
To: <users_at_glassfish.dev.java.net>
Sent: Tuesday, March 25, 2008 9:54 PM
Subject: Re: Question regarding SSL (HTTPS)
> Joerg Gippert wrote:
>> Hi Wolfram,
>>
>> thank you for your quick response. You were right, the transport
>> guarantee tag was missing I updated my web.xml accordingly and
>> redeployed my webapp (Actually, I'm using an .ear file which contains my
>> webapp). However, that didn't solve the problem. It still gives me an
>> HTTP 403 if I want to access the page. Is there anything else I could try
>> out?
>
> Hi Joerg,
>
> did you delete the lines with <auth-constraint>...</auth-constraint>? It
> is essential that you also delete the <auth-constraint>-elements themself,
> deleteing the subelements is not enough!
>
>
> --
> Wolfram Rittmeyer
>
>>
>> Thanks,
>> Joerg
>>
>> PS: I Corrected the subject. Didn't sound right :)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>