It seems that my problem was that I was forgetting the servlet mapping for
my JSP. I added that in and it seems to work just fine. N00b mistake :)
On 8/12/06, Nathan Mittler <nathan.mittler@gmail.com > wrote:
>
> I have a very simple web app (just a single JSP) and I seem to be unable
> to restrict access to it. I am fairly new to J2EE so it is entirely
> possible (and likely) that I'm doing something wrong.
>
> Here's the content of my web.xml:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected</web-resource-name>
> <url-pattern>/SimpleSecureWebApp/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Ch14Realm</realm-name>
> </login-config>
> <security-role>
> <role-name>admin</role-name>
> </security-role>
>
> and here's my geronimo-web.xml:
>
> <context-root>SimpleSecureWebApp</context-root>
> <security-realm-name>Ch14Realm</security-realm-name>
> <security>
> <default-principal>
> <principal name="normal_users" class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
> </default-principal>
> <role-mappings>
> <role role-name="admin">
> <principal name="admin_users" designated-run-as="true" class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
> </role>
> </role-mappings>
> </security>
>
> I had previously deployed an SQL realm named Ch14Realm and had tested the
> logins successfully.
>
> When I go to <geronimo>/SimpleSecureWebApp/index.jsp, I am expecting to be
> prompted for a username and password. Instead, I am just brought directly
> to my index.jsp page.
>
> Any help would be greatly appreciated!
>
> Thanks,
> Nathan Mittler
>
|