S
Sam Zin
Hi,
I have a simple web application. Here is some of my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>user/*</web-resource-name>
<url-pattern>/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>userRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adminRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRealm</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login-error</form-error-page>
</form-login-config>
</login-config>
I login as a user with only userRole so I only have access to files
under /user, then when I click on a link /admin/index.html Jetty
simply forwards me to the /login-error which prompted me to enter
username and password (login again). When this is done, Jetty
forwarded me to the /admin/index.html page.
Then I moved to JettyPlus and this behaviour changed. Now JettyPlus
simply
gives me a "403 User not in require role" error. If I actually define
an
error-page for error-code 403 I get to that page but my requestURI is
not
preserved. So when I relogin from that page, I don't get forwarded to
/admin/index.html as I should be. Instead I go to / with the new login
info.
I'm sure this is a configuration issue since no one had this problem.
What have I missed?
Thanks in advance
Sam Zin
I have a simple web application. Here is some of my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>user/*</web-resource-name>
<url-pattern>/user/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>userRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>adminRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRealm</realm-name>
<form-login-config>
<form-login-page>/login</form-login-page>
<form-error-page>/login-error</form-error-page>
</form-login-config>
</login-config>
I login as a user with only userRole so I only have access to files
under /user, then when I click on a link /admin/index.html Jetty
simply forwards me to the /login-error which prompted me to enter
username and password (login again). When this is done, Jetty
forwarded me to the /admin/index.html page.
Then I moved to JettyPlus and this behaviour changed. Now JettyPlus
simply
gives me a "403 User not in require role" error. If I actually define
an
error-page for error-code 403 I get to that page but my requestURI is
not
preserved. So when I relogin from that page, I don't get forwarded to
/admin/index.html as I should be. Instead I go to / with the new login
info.
I'm sure this is a configuration issue since no one had this problem.
What have I missed?
Thanks in advance
Sam Zin