The names of the roles in security.xml should correspond with your entries in the app_role DB table. In newer AppFuse versions, the admin role is called "ROLE_ADMIN", which was "admin" before. So ROLE_ToolAdmin probably won't work for your application.
I guess your logout is not working as intended. It doesn't seem to redirect the user to the login page.
If you try to access a restricted page which requires login, e.g. http://demo.appfuse.org/appfuse-jsf/admin/users.html, the user is redirected to the login page. After successfully logging in, the user is redirected again, this time to the page he originally tried to access (e.g. users.html). If you log in with user/user you get access denied. If you log in with admin/admin you start with the user list.
So in your application, after admin logged out, the application tries to redirect you to the last visited page, which is only accessible for the admin, not ToolAdmin/ToolUser. However, in reality a real user probably won't log in to the application several times with different application users, and normally he will start the application with a bookmark like http://demo.appfuse.org/appfuse-jsf/login.jsp.
And does the application have several different mainMenu.jsp for each role? Or does the application have one mainMenu.jsp with links to other pages depending on the role, as done by AppFuse?
René
