Thanks Rene, This does make a lot of sense. Ofcourse, I still have to digest all of it ;-)
I will check on the login page and see what I have done differently. Vanessa Pacheco Programmer Bowman Systems L.L.C 318.213.8780x307 ====================================== IMPORTANT WARNING: This message is intended for the use of the person or entity to which it is addressed and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this information is strictly prohibited. If you have received this message in error, please notify the sender immediately and arrange for the return or destruction of these documents. -----Original Message----- From: Rene Guenther [mailto:[EMAIL PROTECTED] Sent: Monday, January 07, 2008 10:23 AM To: [email protected] Subject: Re: [appfuse-user] session question The name of the roles in security.xml should correspond with your entries in app_role DB table. In newer appfuse versions, admin role is called "ROLE_ADMIN" which was "admin" before. So ROLE_ToolAdmin probably wont work for your application. I guess your logout is not working as intended. It doesn't seem to redirect the user to the login page. If you try to access a restricted page which requires login, e.g. http://demo.appfuse.org/appfuse-jsf/admin/users.html the user is redirected to the login page. After successfully logging in the user is redirected again, this time to page he originally tried to access (eg users.html). If you login with user/user you get access denied. If you login with admin/admin you start with user list. So in your application after admin logged out, the application tries to redirect you to the last visited page which is only accessible for the admin, not ToolAdmin/ToolUser. However in reality a real user probably wont login into the application several times with different application users and normally he will start the application with a bookmark like http://demo.appfuse.org/appfuse-jsf/login.jsp And does the application have several different mainMenu.jsp for each role? Or does the application have one mainMenu.jsp with links to other pages depending on the role as done by appfuse? René -- View this message in context: http://www.nabble.com/session-question-tp14667220s2369p14668170.html Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
