I'm very new to EJB security and GlassFish authentication, authorization mechanism. I'm working on a jsf visual web application with Netbeans 6.5.1 and Glassfish v2. I have a jdbc realm and configured sun-web.xml and web.xml to map the roles and restrict access to a page.
However, my problem is that when I restrict access to all the pages, it works and triggers the login pop up before loading the welcome page (using BASIC authentication). but when I restrict access to a page in a folder security, GlassFish does not prompt the login and redirects the user to the restricted page.
This is the role mapping in my sun-web.xml
<security-role-mapping>
<role-name>Employee</role-name>
<group-name>Employee</group-name>
</security-role-mapping>
and this is my web.xml
<security-constraint>
<display-name>Login Constraint</display-name>
<web-resource-collection>
<web-resource-name>User Redirect page</web-resource-name>
<description/>
<url-pattern>/security/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Employee</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>deliverySecurity</realm-name>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/index.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>Employee</role-name>
</security-role>
Please help me solve the problem. Thanks a lot in advance.
[Message sent by forum member 'cadii' (vishanka18_at_yahoo.com)]
http://forums.java.net/jive/thread.jspa?messageID=390457