I am trying to verify the Web APP security with Glassfish. Following is
the extract of a web.xml of a sample web app (with form-based
authentication) :
<web-resource-collection>
<web-resource-name>Administration</web-resource-name>
<url-pattern>
/admin/*</url-pattern>
</web-resource-collection>
This is to protect resources under /admin
But in my test domain running on Solaris, the server didn't treat the
/admin/admin.jsp as the protected resource and instead of directing to
the login page, admin.jsp got displayed without authentication. This
seem to be a problem on Glassfish build: (build b08-p03) and works as
expected on build b05-p01.
Any pointer on what could be going on here?
Thanks,
Pavneet