Last thing that may help: with debug set to 99 in the configuration of the JDBCRealm, I see "Username simone successfully authenticated" also when the role name is not one of those allowed for the application.

-------------------------
Simone Chiaretta
<http://www.piyosailing.com/S> www.piyosailing.com/S
Any sufficiently advanced technology is indistinguishable from magic
"Life is short, play hard"

-----Original Message-----
From: Simone - Dev [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 25 March 2004 15.00
To: '[EMAIL PROTECTED]'
Subject: Re: Problem using form login auth

Forgot to tell: I also tried without JDBCRealm, with the more usual Memory realm, and I'm using Tomcat 5.0.18.

Simone

-----Original Message-----
From: Simone - Dev [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 25 March 2004 14.50
To: '[EMAIL PROTECTED]'
Subject: Problem using form login auth

Hello All,

I've a strange problem using the form login coupled with JDBCRealm.

This is the web.xml I'm using:

    <web-app>
      <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/protected/*</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>manager</role-name>
        </auth-constraint>
      </security-constraint>

      <!-- Default login configuration uses form-based authentication -->
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Example Form-Based Authentication Area</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <description>An administrator</description>
        <role-name>manager</role-name>
      </security-role>
    </web-app>

The strange behaviour is that if I log on using a completely wrong user (either user or password invalid) I get redirected to the error.jsp page, but if I type in a user that does not have the "manager" role I get redirected to the originally requested page (/protected/index.jsp) but then get a 403 error (Access denied).

I can't manage to solve this...

Thank you
Simone
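
The two outcomes described in the thread correspond to two separate checks in container-managed security: the form-error-page is used only when authentication fails, while an authenticated user who lacks the required role is answered with 403. The Java model below is an added example, not part of the original messages and not Tomcat's code; the class name, the user "admin", the passwords and the role "user" are constructed for illustration, while the path, methods and role "manager" come from the web.xml above.

```java
import java.util.Map;
import java.util.Set;

// Added illustration, not Tomcat code: the order of checks a servlet
// container applies to a request under the web.xml quoted in the thread.
public class FormAuthOutcome {
    enum Outcome { NOT_CONSTRAINED, FORM_ERROR_PAGE, FORBIDDEN_403, ALLOWED }

    // Values taken from the web.xml in the message.
    static final String PROTECTED = "/protected";
    static final Set<String> METHODS = Set.of("DELETE", "GET", "POST", "PUT");
    static final String REQUIRED_ROLE = "manager";

    // Constructed sample data standing in for the realm's user and role tables.
    static final Map<String, String> PASSWORDS = Map.of("simone", "pw-1", "admin", "pw-2");
    static final Map<String, Set<String>> ROLES =
            Map.of("simone", Set.of("user"), "admin", Set.of("manager"));

    static Outcome evaluate(String method, String path, String user, String password) {
        // 1. Is the request covered by the <security-constraint> at all?
        //    /protected/* matches /protected and everything below it, but the
        //    constraint only applies to the methods it lists.
        boolean pathMatches = path.equals(PROTECTED) || path.startsWith(PROTECTED + "/");
        if (!pathMatches || !METHODS.contains(method)) {
            return Outcome.NOT_CONSTRAINED;
        }
        // 2. Authentication: the realm checks the credentials only, so a
        //    success can be logged for a user who does not hold the role.
        String expected = (user == null) ? null : PASSWORDS.get(user);
        if (expected == null || !expected.equals(password)) {
            return Outcome.FORM_ERROR_PAGE;   // <form-error-page>, /error.jsp
        }
        // 3. Authorization: only now is <auth-constraint> compared with the
        //    authenticated user's roles. A mismatch is answered with 403.
        if (!ROLES.getOrDefault(user, Set.of()).contains(REQUIRED_ROLE)) {
            return Outcome.FORBIDDEN_403;
        }
        return Outcome.ALLOWED;
    }

    public static void main(String[] args) {
        System.out.println(evaluate("GET", "/protected/index.jsp", "nobody", "x"));
        System.out.println(evaluate("GET", "/protected/index.jsp", "simone", "pw-1"));
        System.out.println(evaluate("GET", "/protected/index.jsp", "admin", "pw-2"));
        System.out.println(evaluate("HEAD", "/protected/index.jsp", null, null));
    }
}
```

A custom page for the 403 case can be mapped in web.xml with an `<error-page>` element carrying `<error-code>403</error-code>`. Removing the `<http-method>` elements from the constraint makes it apply to every HTTP method rather than only the four listed.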