Hello,

Where can I find a detailed description of the subject? For instance, what is 
the difference between using <auth-constraint> in <security-constraint> and 
omitting it?

Also in web-app_2_3.dtd:

    The auth-constraint element indicates the user roles that should
    be permitted access to this resource collection. The role-name
    used here must either correspond to the role-name of one of the
    security-role elements defined for this web application, or be
    the specially reserved role-name "*" that is a compact syntax for
    indicating all roles in the web application. If both "*" and
    rolenames appear, the container interprets this as all roles.
    If no roles are defined, no user is allowed access to the portion of
    the web application described by the containing security-constraint.
    The container matches role names case sensitively when determining
    access.

I have the following configuration (here users will be redirected to the login 
page if it's configured):

<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
  <auth-constraint>
  </auth-constraint>
</security-constraint>

And in this configuration I get a 403 error (even if login is configured). The 
only difference is that <auth-constraint> is omitted.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

I am not a native speaker and I may have problems understanding the quoted 
text. But as I understand it, if I specify an empty <auth-constraint>, no users 
could ever see the portion of the site described by <security-constraint>. But 
instead users are redirected to the login page.

And if I omit <auth-constraint> I always get a 403 error (with or without login 
configuration).

With regards,
Pavel Krupets

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3859425#3859425
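
An added example, not part of the original post or of JBoss: a small Python audit that reads a web.xml and reports, per url-pattern, how the DTD text quoted above treats its <auth-constraint> (empty, "*", or named roles matched case-sensitively). The verdict for an omitted element follows the Servlet 2.4 specification's rule that without an authorization constraint no authentication is required; the function name, verdict strings and sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (web-app 2.3 style, no XML namespace).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>a</web-resource-name><url-pattern>/empty/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>b</web-resource-name><url-pattern>/omitted/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>c</web-resource-name><url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def audit(web_xml):
    """Map each url-pattern to what its security-constraint allows (hypothetical helper)."""
    root = ET.fromstring(web_xml)
    declared = {(r.findtext("role-name") or "").strip() for r in root.findall("security-role")}
    report = {}
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:      # element omitted: nothing restricts who may access
            verdict = "NO_AUTH_REQUIRED"
        else:
            roles = {(r.text or "").strip() for r in auth.findall("role-name")} - {""}
            if not roles:     # element present but names no roles: nobody gets in
                verdict = "DENY_ALL"
            elif "*" in roles:  # "*" wins even when other role names are listed
                verdict = "ALL_ROLES"
            elif roles - declared:  # case-sensitive comparison, as the DTD requires
                verdict = "UNDECLARED_ROLE:" + ",".join(sorted(roles - declared))
            else:
                verdict = "ROLES:" + ",".join(sorted(roles))
        for pat in sc.findall("web-resource-collection/url-pattern"):
            report[(pat.text or "").strip()] = verdict
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_WEB_XML).items(), sep="\n")
```
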
