Hello,
I'm currently trying to migrate a webapp from weblogic8.1 to JBoss, and I'm meeting a problem I hadn't with WLS. My webapp has a <security-constraint> section with <auth-constraint>. I'm using Form authentication with DB Realm. My problem is that I can log in my webapp, but I get a 403 saying I'm not allowed to access ressources. I checked several things : - I can log in, ie login/password are checked against DB, so this part works. If I give a wrong password, I get <form-error-page> page. - I added a piece of code in my 403.jsp. I added 3 lines : 0. System.out.println(request.getRemoteUser()); --> return djeanprost 1. System.out.println(request.isUserInRole("collaborateur")); where collaborateur is a group of my group table. --> Return true, which is normal to me. 2. System.out.println(request.isUserInRole("utilisateurCollaborateur")); --> false utilisateurCollaborateur is a role I specified in the <auth-constraint> section in the web.xml. I also have a <security-role> section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a <security-role> <role-name>utilisateurCollaborateur</role-name> <principal-name>collaborateur</principal-name> <principal-name>djeanprost</principal-name> </security-role> where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost to add a test : it does not work neither. I conclude the mapping from utilisateurCollaborateur to collaborateur is not done. Where am I wrong ? Regards, Dom View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3887704#3887704 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3887704 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user