> I am currently attempting the sun-web.xml approach
> [#1]
>
> I have managed to get authorized to get past the
> web.xml <auth-constraint> entries and view pages.
> However, when my code makes calls to
> HttpServletRequest.isUserInRole() it returns false,
> even though I can navigate to a page with an
> <auth-constraint> that has the same role assigned.
That sounds like a bug, but we are not aware of any such bug with GF. If there is a Role inside an <auth-constraint> which applies to a webresource collection and you were able to access the resource then isUserInRole should not be false. Can you give us a smaller reproducable testcase for this.
Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=321390