[appengine-java] Declarative Security with problems for role-name *

Sun, 17 Jan 2010 13:45:32 -0800 

I am trying to use declarative security in my web.xml file to require
a google login to access my web  pages. I allow role-name * and role-
name admin. I placed a portion of the file below. When I access a web
page music.jsp, I get prompted for my login.  I am (admin) role, it
works perfectly. However if my wife accesses music.jsp web page, she
gets prompted for login but then gets Error Forbidden Your client does
not have permission to get URL /music.jsp from this service.

Any ideas?

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>controlAccess</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>controlJspAccess</web-resource-name>
      <url-pattern>/*.jsp</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
      <web-resource-name>controlControllerServletAccess</web-resource-
name>
      <url-pattern>/ControllerServlet</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

Thank you
Dave

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-j...@googlegroups.com.
To unsubscribe from this group, send email to 
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.

Reply via email to