Hi,
Since 5 days I'm trying to secure a web app, where I want to secure subfolders of the main Web Pages tree.
I'm using glassfish-v3-b68, and I setup a jdbc realm that is -- finally (2 days) --working perfectly.
However, now I created subfolders in the Web Pages tree, and I'm trying to secure those, but whatever I tried, security is simply ignored. After 1 day browsing through Google I'm giving up, this is my last resource!
Attached a zipped web folder of my test application...
The index.xhtml folder in the root of the webapp gives a choice for selecting the index.xhtml file in either the "client" or "tool" subfolder, and this file is not protected.
Subfolder "tool" should be protected, only accessible for users in the "sysadmin" group.
I tried everything I could think of in the web-resource-collection url-pattern in web.xml, like "/faces/tool/*" etc., but the setting is simply ignored... no login form shown when I click on "Tool" link on the start page.
When I set the url-pattern to "/faces/*", the login page is shown at the beginning, but that is not what I want!
Please if somebody can shed a bit more light on this.... Thanks very much!
Albert
[Message sent by forum member 'insad' (AlbSmul_at_gmx.net)]
http://forums.java.net/jive/thread.jspa?messageID=370059