how is your security mapping in the web.xml and sun-web.xml ?
On Thu, Feb 4, 2010 at 10:52 AM, <glassfish_at_javadesktop.org> wrote:
> Hello,
>
> I'm using Hibernate with domain to table mapping so my tables are generated automaticly. I also have an entity for Users and Groups for the Glassfish security.
>
> I can login with a "j_security_check" (bad usernames/passwords are succesfully recognised) but it's like the groups are not recognised: I can access both "/admin" as "/user" pages with a "user" role and vica versa.
>
> Eg:
> [i]request.isUserInRole("ADMIN") +" "+ request.isUserInRole("USER")+" "+ request.isUserInRole("NONEXISTINGROLE")[/i]
>
> for loggedin USER: returns true true false
> for loggedin ADMIN returns true true false
>
> I included my files and here is my glassfish realm settings:
>
> Jaas Context: jdbcRealm
> JNDI: jdbc/competenceTool
> User table: securityuser
> User name column: userid
> Password Column: password
> Group Table: securitygroup
> Group Name Column: groupId
> Assign Groups: ADMIN,USER
>
> I hope this is clear and someone sees the problem.
>
> Thank you very much!
> [Message sent by forum member 'sizzla' (michael_bavin_at_hotmail.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=384702
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
--
------------------------------------------
Felipe Gaścho
10+ Java Programmer
CEJUG Senior Advisor