users@glassfish.java.net

Re: Securing web applications

From: <glassfish_at_javadesktop.org>
Date: Sun, 13 Dec 2009 17:42:47 PST

Folks, my formatting was terrible in the last post, sorry about that. I have reposted with better formatting and some minor corrections to make it more readable. Also, when I point to "http://localhost:8080/simplewebapp/admin/admin.jsp", I am going straight away to admin.jsp instead of login.jsp. Hope someone can advise. Thanks guys.

Hi Everyone.

I hope someone can help me with this. I was following the 'Securing Web Applications' topic in chapter 2 of David R. Heffelfinger's 'Java EE 5 Development with Netbeans 6'. I have run into some problems. I am using form based authentication.

Basically I am dealing with 'web.xml', 'sun-web.xml' and the file security realm in the glassfish application server (v2). My security settings in the 'web.xml' file are as follows:

Login Configuration
---------------------------
Realm name: file
Form login Page: /login.jsp
Form Error Page: /loginerror.jsp

Security Roles
--------------------
Role Name: admin

Security Constraints
---------------------------
Name: Administrative Pages
URL Pattern: /admin/*

My security settings for 'sun-web.xml' are as follows:

Security Role Mappings
----------------------------------
Security Role Name: admin
Group Name: appadmin

In the glassfish application server my settings are as follows:

userID: peter
GroupList: appadmin, appuser

userID: joe
GroupList: appuser

The list of files I have in the application are as follows:

webpages(folder)
        -WEB-INF(folder)
                -sun-web.xml
                -web.xml
        -admin(folder)
                -admin.jsp
        -login.jsp
        -loginerror.jsp
        -index.jsp
 
When I 'run' the application I am brought to login.jsp, I log in with the correct user name and password and I am brought to the index.jsp page; all that is fine. However, if I go to this URL: "http://localhost:8080/simplewebapp/admin/admin.jsp", I am expecting to be brought back to the login.jsp page; however, I am not, and am instead seeing admin.jsp itself, without having to go through authentication. I hope someone can advise what is wrong. Thanks. I am using netbeans version 6.5.1 and glassfish v2 (it came together with netbeans).

regards
javaislife
[Message sent by forum member 'javaislife' ]

http://forums.java.net/jive/thread.jspa?messageID=376310
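
A check for the kind of configuration described in the post, as an added example that is not part of the original message: it audits a web.xml and sun-web.xml pair for a security constraint with no auth-constraint (which the servlet container serves without requiring login) and for roles with no group mapping. The descriptors below are constructed samples, not the poster's files, and the `audit` helper is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (assumption: NOT the poster's actual files).
# The constraint deliberately lacks <auth-constraint> to show what gets reported.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>admin</role-name>
    <group-name>appadmin</group-name>
  </security-role-mapping>
</sun-web-app>"""

def _parse(text):
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop the XML namespace, if any
    return root

def audit(web_xml, sun_web_xml):
    """Return findings for constraints lacking auth or using unmapped roles."""
    web, sun = _parse(web_xml), _parse(sun_web_xml)
    mapped = {m.findtext("role-name") for m in sun.iter("security-role-mapping")
              if m.find("group-name") is not None or m.find("principal-name") is not None}
    findings = []
    for sc in web.iter("security-constraint"):
        patterns = [(p.text or "").strip() for p in sc.iter("url-pattern")]
        auth = sc.find("auth-constraint")
        if auth is None:  # no auth-constraint: container requires no authentication
            findings.append(f"{patterns}: no auth-constraint, no login required")
            continue
        for role in ((r.text or "").strip() for r in auth.iter("role-name")):
            if role != "*" and role not in mapped:
                findings.append(f"{patterns}: role '{role}' has no group mapping")
    return findings
```

Calling `audit(WEB_XML, SUN_WEB_XML)` on the samples returns one finding for `/admin/*`; once an `<auth-constraint>` naming the `admin` role is added to the constraint, it returns an empty list.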