David, Thanks for your reply.
1) Yes, the authentication works well. 2) isUserInRole() always returns false. It is called from a jsp which is not declared in the webapp protected resources (this configuration worked well in Tomcat). I'll try to declare the jsps in the protected resources to check if the problem is solved. 3) The webapp is made of jsps and servlets. The isUserInRole() call returns true in a protected servlet. Fabrice djencks wrote: > > I'd like to clarify a couple of points... > > - IIUC, you have to authenticate to access a secured page, this part > of security is working fine? > > - From a secured page, you cannot use isUserInRole()? > > - are all your pages jsps? Do they have servlet mappings? Does this > occur with a secured servlet? > > thanks > david jencks > > On Dec 17, 2009, at 7:10 AM, blb wrote: > >> >> Hi all, >> >> I am migrating from Tomcat to Geronimo and need some help to finish to >> configure security for a webapp. >> I can authenticate a user within Geronimo but I'm not able to get >> the user >> role. >> The request.isUserInRole() call always returns false. >> >> You can find below an extract of the configuration files concerned by >> security: >> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml >> extract_geronimo-web.xml >> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml >> >> Can you please tell me what's wrong (or missing) with the webapp >> configuration ? >> -- >> View this message in context: >> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html >> Sent from the Apache Geronimo - Users mailing list archive at >> Nabble.com. >> > > > -- View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26843936.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.