Hi Everyone.
I hope someone can help me with this. I was following the 'Securing Web Applications' topic in chapter 2 of David R.Heffelfinger's 'Java EE 5
Development with Netbeans 6'. I have run into some problems. I am using form based authentication.
Basically I am dealing with 'web.xml', 'sun-web.xml' and the file security relam in the glassfish application server(v2). My security settings in the
'web.xml' file is as follows:
[b]Login Configuration[/b]
---------------------------
Realm name: file
Form login Page: /login.jsp
Form Error Page: /loginerror.jsp
[b]Security Roles[/b]
--------------------
Role Name: admin
[b]Security Constraints[/b]
---------------------------
Name: Administrative Pages
URL Pattern: /admin/*
My security settings for 'sun-web.xml' are as follows:
[b]Security Role Mappings[/b]
----------------------------------
Security Role Name: admin
Group Name: appadmin
In the glassfish application server my settings are as follows:
userID: peter
GroupList: appadmin, appuser
userID: joe
GroupList: appuser
The list of files I have in the application are as follows:
webpages(folder)
<ul>
-WEB-INF(folder)
<ul>
<li>-sun-web.xml</li>
<li>-web.xml</li>
</ul>
</ul>
<ul>
-admin(folder)
<ul>
<li>-admin.jsp</li>
</ul>
</ul>
<ul>
<li>-login.jsp</li>
<li>-loginerror.jsp</li>
<li>-index.jsp</li>
</ul>
When I 'run' the application I am being brought to the login.jsp, I log in with the correct user name and password and I am brought to the index.jsp page, all that is fine. However if I go to this url:"
http://localhost:8080/simplewebapp/admin/admin.jsp", I am expecting to be brought back to the admin page, however I am not, but instead seeing the admin.jsp itself, without having to go through authentication. I hope someone can advise what is wrong. Thanks. I am using netbeans version 6.5.1 and glassfish v2 (it came together with netbeans).
regards
javaislife
[Message sent by forum member 'javaislife' ]
http://forums.java.net/jive/thread.jspa?messageID=376276