In tomcat-users.xml the user and roles are defined as:
<user username="admin" password="admin" roles="user,admin,APP_ADMIN"/>
and the application security is defined as:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Dynamic pages</web-resource-name>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>These are the roles who have access.</description>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description></description>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
But when I log in to the application as admin, it always gives me HTTP 403 not authorized.
I checked the roles with a JSP scriptlet:
out.write(request.getUserPrincipal().toString());
And it prints:
User username="admin", roles="user,admin,APP_ADMIN"
But when I check isUserInRole:
out.write(request.isUserInRole("APP_ADMIN") ? "Yep" : "nope");
I get:
nope
The Tomcat version is 7.0.55.