Hi,
I'm looking to configure JEE security in an application deployed in tcServer. I am using declarative security and have specified security constraints, authorization constraints and security roles in my deployment descriptor.
I am using a filter class to retrieve the roles for a user from our database, and a call to the request object's authorization API (isUserInRole()) works correctly.
However, I cannot get declarative security to work as all requests to a URL I've constrained are blocked even when I have been assigned the required roles.
Is there something I need to do in tcServer to complete my configuration?
The following is my web.xml config:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- Servlet 2.4 deployment descriptor as posted with the question.
     Reviewer observations are marked NOTE(review). -->
<display-name>Spring PetClinic</display-name>
<description>Spring PetClinic sample application</description>
<!-- First filter, declared under the name "siteminderFilterMock".
     NOTE(review): the class name suggests a mock of an external authentication
     agent. If so, keep it out of production builds: code that trusts identity
     data injected by a mock is trusting unauthenticated input. Confirm. -->
<filter>
<filter-name>siteminderFilterMock</filter-name>
<filter-class>com.abc.def.security.mock.SiteminderFilterMock</filter-class>
</filter>
<!-- NOTE(review): filter names are case-sensitive. "SiteminderFilterMock" below
     does not match "siteminderFilterMock" declared above, so this mapping refers
     to a filter that is not declared in this descriptor. -->
<filter-mapping>
<filter-name>SiteminderFilterMock</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Second filter, mapped to every URL. Presumably this is the filter the
     question describes as loading the user's roles from the database; the
     class is not shown, so verify. -->
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>com.abc.def.security.jee.SecuritySecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Context parameters: web app root key, Log4j configuration location and
     the list of Spring context files (including two security contexts).
     NOTE(review): no listener element that would read these parameters appears
     in this listing; presumably it was trimmed from the post. -->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>petclinic.root</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j.properties</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-jdbc.xml
/WEB-INF/abc-application-specific-jee-security-context.xml
/WEB-INF/abc-standard-config-jee-security-context.xml
</param-value>
</context-param>
<!-- Routes *.do requests to the servlet named "petclinic".
     NOTE(review): no servlet element with that name appears in this listing;
     presumably it was trimmed from the post. -->
<servlet-mapping>
<servlet-name>petclinic</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- Idle session timeout; the value is in minutes. -->
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<welcome-file-list>
<!-- Redirects to "welcome.htm" for dispatcher handling -->
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Catch-all error page for any java.lang.Exception.
     NOTE(review): per the comment below, this page renders a stack trace.
     Stack traces sent to clients disclose class names, library versions and
     file or query details. Outside development, log the trace on the server
     and show a generic message instead. -->
<error-page>
<exception-type>java.lang.Exception</exception-type>
<!-- Displays a stack trace -->
<location>/WEB-INF/jsp/uncaughtException.jsp</location>
</error-page>
<!-- Declarative constraint: /addOwner.do requires the role "suser".
     NOTE(review): the container evaluates security-constraint before the
     filter chain runs, using the principal and roles from its own
     authentication (its Realm). Roles supplied by a filter, for example via
     a wrapped request that overrides isUserInRole(), are visible to
     application code but not to this check. That matches the reported
     symptom of every constrained request being blocked.
     NOTE(review): there is no login-config element in this descriptor, so no
     container authentication method is configured for this constraint.
     Declarative constraints need container-level authentication (login-config
     plus a Realm, or an authenticator valve in tc Server/Tomcat); otherwise
     enforce the rule inside the filter and drop the constraint.
     NOTE(review): because http-method elements are listed, only GET and POST
     are constrained; other methods (HEAD, PUT, ...) sent to this URL are not
     covered. Omitting the http-method elements applies the constraint to all
     methods.
     NOTE(review): no user-data-constraint is set, so this descriptor does not
     require TLS for the protected resource. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>AddOwner</web-resource-name>
<url-pattern>/addOwner.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>suser</role-name>
</auth-constraint>
</security-constraint>
<!-- Declares the role name referenced by the auth-constraint above. -->
<security-role><description/><role-name>suser</role-name></security-role>
</web-app>