I just upgraded to Glassfish 3.1.1 from Glassfish 3.1 and I am having issues
with web user security. To simply reproduce the issue, I created a very
simple web project with just one content /index.html file in it, the files
for form based login, and the required web descriptors.
My web.xml contains the security constraints (shown below) and I am using
Default Principal to Role Mapping, as I was in Glassfish 3.1. I have a user
in the group "user". When I try to access the test web page, the login form
page /login.html correctly asks for a login and password. If I enter a wrong
password, the failed authentication /noauth.html page shows up, but when I
enter the correct username and password, the /login.html shows up again. This
suggests that the authentication is working but the role-based authorization
is failing. I have even tried to add the mapping of role to group explicitly
in the glassfish-web.xml but that does not work either.
Any help/suggestions would be most appreciated: I am hoping I am making some
simple mistake and this is not a bug...
I am attaching the war file I have created to present the test case.
...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>test</web-resource-name>
    <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>file-realm</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/noauth.html</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
...
--
[Message sent by forum member 'goblue2003']
View Post: http://forums.java.net/node/861990
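
Added example, not part of the original post and not GlassFish code: a small Python model of the authorization step for the descriptor quoted above, showing how a request by a correctly authenticated user in group "user" is allowed or denied depending on whether a role is derived from that group. The function names, the default_mapping flag and the rule "role name equals group name when no explicit mapping exists" are assumptions of this sketch; the role name "*" is not handled.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor fragment from the post inside a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/index.html</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
# Constructed sample: an explicit role-to-group mapping for glassfish-web.xml.
GF_XML = """<glassfish-web-app>
  <security-role-mapping><role-name>user</role-name><group-name>user</group-name></security-role-mapping>
</glassfish-web-app>"""

def parse(text):
    root = ET.fromstring(text)
    for el in root.iter():  # drop namespaces so real descriptors parse too
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def required_roles(web, path):
    """Roles demanded by constraints covering path; None if none covers it."""
    roles, covered = set(), False
    for sc in web.iter("security-constraint"):
        ac = sc.find("auth-constraint")
        pats = [p.text.strip() for p in sc.iter("url-pattern")]
        # fnmatch only approximates servlet url-pattern matching
        if ac is not None and any(fnmatch.fnmatchcase(path, p) for p in pats):
            covered = True
            roles |= {r.text.strip() for r in ac.findall("role-name")}
    return roles if covered else None

def decide(web, gf, path, groups, default_mapping=True):
    """Return 'unprotected', 'allowed', 'denied' or 'undeclared role' for path."""
    need = required_roles(web, path)
    if need is None:
        return "unprotected"
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    mapping = {}
    for m in (gf.iter("security-role-mapping") if gf is not None else []):
        mapping.setdefault(m.findtext("role-name").strip(), set()).update(
            g.text.strip() for g in m.findall("group-name"))
    if not mapping and default_mapping:  # assumed model: role name == group name
        mapping = {r: {r} for r in declared}
    held = {r for r, gs in mapping.items() if gs & set(groups)}
    if need - declared:
        return "undeclared role"
    return "allowed" if need & held else "denied"
```

Calling decide(parse(WEB_XML), None, "/index.html", {"user"}, default_mapping=False) returns "denied" even though the user's group is correct, which is the case where authentication succeeds and no role is granted.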