I'm trying to set up authentication for my application with a form login module. 
I think I have done everything correctly, and in fact I get no errors during 
deployment, but if I define several security roles, only the first in the list 
gains access. For example, this is my web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>amministrazione</description>
    <url-pattern>/index.html</url-pattern>
    <url-pattern>/*.html</url-pattern>
    .....
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>

  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>Prenote</description>
    <url-pattern>/index.html</url-pattern>
    <url-pattern>/*.html</url-pattern>
    .....
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>

  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>

  <user-data-constraint>
    <description>no description</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>Administrator</description>
  <role-name>admin</role-name>
</security-role>

<security-role>
  <description>Utente</description>
  <role-name>user</role-name>
</security-role>

If I try to log in as user I get this error:
message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource 
has been denied) has been forbidden.

and if I log in as admin everything works perfectly.
Moreover, I have noticed that if I swap the order of the 
"security-constraint" and "security-role" tags (user declaration before admin 
declaration), exactly the opposite happens: as user everything works, and as 
admin I get the same error as before.
I just cannot understand this error. Can someone help me? 
I use JBoss 3.2.3. 
Thanks in advance, and excuse my English.
Mimmo

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3880357#3880357
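
Added example, not part of the original post: a Python check that flags security-constraint blocks protecting the same url-pattern and http-method with different role sets (the layout shown in the web.xml above) and reports the combined role list that a single auth-constraint, which may carry several role-name elements, would need. The function names and the reduced sample descriptor are constructed for illustration, and the descriptor is assumed to use no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the two constraints from the post, reduced to one pattern.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <url-pattern>/index.html</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <url-pattern>/index.html</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def overlapping_constraints(web_xml):
    """Return {(url-pattern, http-method): [role set per constraint]} for every
    resource that several security-constraints protect with differing roles."""
    root = ET.fromstring(web_xml)
    seen = defaultdict(list)
    for sc in root.iter("security-constraint"):
        # Missing and empty auth-constraint both yield an empty role set here.
        roles = frozenset(r.text.strip() for r in sc.iterfind("auth-constraint/role-name"))
        for wrc in sc.iterfind("web-resource-collection"):
            # No http-method element means the constraint covers all methods.
            methods = [m.text.strip() for m in wrc.iterfind("http-method")] or ["*"]
            for pat in wrc.iterfind("url-pattern"):
                for method in methods:
                    seen[(pat.text.strip(), method)].append(roles)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}

def merged_roles(web_xml):
    """Union of roles per overlapping resource: the role-name list one constraint would need."""
    return {k: sorted(set().union(*v)) for k, v in overlapping_constraints(web_xml).items()}

if __name__ == "__main__":
    for (pattern, method), roles in sorted(merged_roles(SAMPLE_WEB_XML).items()):
        print(f"{method} {pattern}: split across constraints, combined roles = {roles}")
```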
