Why security constraint in my web.xml does not work?
pierfra Jul 6, 2015 4:01 PMi have in standalone.xml in wildfly 9.0.o cr2 this security domain
-<security-domain name="MyLoginModule" cache-type="default">
-<authentication>
-<login-module flag="required" code="Database">
<module-option name="dsJndiName" value="java:/ds/MyDS"/>
<module-option name="principalsQuery" value="Select Password from Principals where PrincipalID=?"/>
<module-option name="rolesQuery" value="Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID=?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="HEX"/>
</login-module>
</authentication>
</security-domain>
--------------------------------------------------
The authentication to my application is ok. The authorization instead does not work.
This is the part in web.xml for authorization :
<security-constraint>
<display-name>Vincoli SSN</display-name>
<web-resource-collection>
<web-resource-name>Protette Application Server SSN</web-resource-name>
<description>Protette Application Server</description>
<url-pattern>/HeartBeatAction.do</url-pattern>
<url-pattern>/CU010GestioneApplicationServer.do</url-pattern>
<url-pattern>/CU010DettaglioApplicationServer.do</url-pattern>
<url-pattern>/CU010AcquisizioneApplicationServer.do</url-pattern>
<url-pattern>/CU010ImportazioneApplicationServer.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>Amministratore SSN</description>
<role-name>Amministratore_sistema_SSN</role-name>
</auth-constraint>
</security-constraint>
I tried with all roles of my databse module but i can access to my actions and jsp pages only if i cut all security constraint from web.xml.
Someone can help me?
Thanks
Pierfrancesco