[JBoss-user] [Security & JAAS/JBoss] - New to security in JBoss

[mdeyab]

Hi all

I defined a securtiy constraint in the web.xml file that looks like that

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/timesheet/controllers/timesheets/*</url-pattern>
            <url-pattern>/Timesheets/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

also I am using the "other" security Realm
with the files

"users.properties" that looks like the following

employee=employee
project manager=project manager
operation manager=operation manager
resource manager=resource manager
manager=manager

and "roles.properties" that looks like the following

employee=employee
project manager=project manager
operation manager=operation manager
resource manager=resource manager
manager=manager

so from my little knowledge the user employee has password employee and the 
role employee and /Timesheets/* pattern requires role employee

my welcome index file redirects to /Timesheets/Timesheets.do 
when I open the timesheet application the index file redirects to 
Timesheets/Timesheets.do so he asks for login and preview to me the 
login-form.jsp I enter usernae: employee and password: employee 

and here is the problem I excpected to log me in to the timesheets page but 
instead I have this error page

HTTP Status 403 - User is not authorized to access action /Timesheets/Timesheets
type Status report
message User is not authorized to access action /Timesheets/Timesheets
description Access to the specified resource (User is not authorized to access 
action /Timesheets/Timesheets) has been forbidden.
Apache Tomcat/5.0.28

can any one tell me what is the problem

Sorry for the long Post

yours,
Mohamed Fthay

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3890038#3890038

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3890038


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user