I'm trying to make Tomcat work with my jsecurity setup but I'm having some problems. My JSPs are in different folders to make them more organized for the sake of security. So I have a main folder called JSP with 3 subfolders in it.
So I have 3 <security-constraint> tags set up depending on the folder I want to access, so I have something like:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Comun</web-resource-name>
            <description>accessible by authenticated users of the DB role</description>
            <url-pattern>/JSP/Comun/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Este rol tiene accesso limitado</description>
            <role-name>manager</role-name>
            <role-name>Administracion</role-name>
            <role-name>Gerencia</role-name>
            <role-name>Medico</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin</web-resource-name>
            <description>accessible by authenticated users of the DB role</description>
            <url-pattern>/JSP/Admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Este rol tiene accesso limitado</description>
            <role-name>Administracion</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

But this doesn't seem to work: first of all, the login page is not displayed and everyone seems to have access to the whole app.
Then if I try

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>MedPro</web-resource-name>
            <description>accessible by authenticated users of the DB role</description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Este rol tiene accesso ilimitado</description>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Then I get the login page but only the manager can access, and the rest can't. How can I make it work? Thanks.

I have attached a file in case you want to see it more clearly.
http://www.nabble.com/file/p21671743/sample.xml sample.xml

--
View this message in context: http://www.nabble.com/Tomcat-and-jsecurity-help-tp21671743p21671743.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
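
Added example, not part of the original post: a small Python evaluator that applies the Servlet specification's url-pattern best-match and role-combination rules to constraints shaped like the ones quoted above, so each path can be checked for whether it is unconstrained, allowed or denied for a given role. The helper names (`load`, `rank`, `decide`) and the sample paths are hypothetical, the XML is constructed from the post's patterns and role names, and only constraint selection is modelled (not `<login-config>`, `<security-role>` declarations or `<transport-guarantee>`).

```python
import xml.etree.ElementTree as ET

def _constraint(pattern, roles):  # builds a constructed sample, methods as in the post
    tags = "".join(f"<http-method>{m}</http-method>" for m in ("GET", "POST", "PUT", "DELETE"))
    names = "".join(f"<role-name>{r}</role-name>" for r in roles)
    return (f"<security-constraint><web-resource-collection><url-pattern>{pattern}</url-pattern>"
            f"{tags}</web-resource-collection><auth-constraint>{names}</auth-constraint>"
            "</security-constraint>")

# Constructed inputs using the post's url-patterns and role names (no xmlns assumed).
COMUN = _constraint("/JSP/Comun/*", ["manager", "Administracion", "Gerencia", "Medico"])
FOLDERS = f"<web-app>{COMUN}{_constraint('/JSP/Admin/*', ['Administracion'])}</web-app>"
CATCH_ALL = f"<web-app>{_constraint('/*', ['manager'])}</web-app>"

def load(web_xml):
    """Return [(pattern, methods, roles)]; roles is None without <auth-constraint>."""
    out = []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        for wrc in sc.iter("web-resource-collection"):
            methods = {m.text.strip() for m in wrc.iter("http-method")}
            out += [(p.text.strip(), methods, roles) for p in wrc.iter("url-pattern")]
    return out

def rank(pattern, path):
    """Match order: exact, longest path prefix, extension, default. None = no match."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def decide(constraints, path, method, user_roles):
    """'open' = nothing constrains this path and method; else 'allow'/'deny' for the roles."""
    ranked = [(k, p, m, r) for p, m, r in constraints if (k := rank(p, path)) is not None]
    best = max(ranked, key=lambda c: c[0], default=(None, None))[1]
    # Only the best-matching pattern counts; listed <http-method>s limit what it covers.
    hits = [r for _, p, m, r in ranked if p == best and (not m or method in m)]
    if any(r is not None and not r for r in hits):
        return "deny"  # an auth-constraint that names no roles precludes access
    if not hits or any(r is None for r in hits):
        return "open"
    roles = set().union(*hits)
    return "allow" if "*" in roles or roles & set(user_roles) else "deny"
```

`decide(load(FOLDERS), "/index.jsp", "GET", {"Medico"})` returns `"open"` because no pattern covers that path, while the same call against `load(CATCH_ALL)` returns `"deny"`. With both sets loaded together (`load(FOLDERS) + load(CATCH_ALL)`), the longest matching pattern decides, so `/JSP/Comun/home.jsp` is checked against the `/JSP/Comun/*` roles rather than the `/*` ones.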