Hi,
I have been running a JSF application which works fine on Sun Application Server V9 but fails the permission check on GlassFish V3 and Oracles GlassFish V3.
The reported error in the log is:
[#|2010-09-08T10:20:22.086+1200 |INFO|glassfish3.0.1|javax.enterprise.system.core.security|_ThreadID=34;_ThreadName=Thread-1;|JACC Policy Provider: Failed Permission Check, context(jsf1/jsf1)- permission((javax.security.jacc.WebUserDataPermission /crudCustomer.faces GET))|#]
The security role in sun-web.xml is:
<security-role-mapping>
<role-name>helloUser</role-name>
<group-name>user</group-name>
</security-role-mapping>
The security constraint is in web.xml is:
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>ExampleWRCollection</web-resource-name>
<url-pattern>/crudCustomer.faces</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>helloUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
All application servers are configured the same with helloUser set as a member of group users and given a password. If the security constraint and role mapping are commented out the application works on Oracle GlassFish and Open Source GlassFish
Can anyone help me out?
Cheers,
JR
[Message sent by forum member 'jdraven']
http://forums.java.net/jive/thread.jspa?messageID=482084