I am trying to set up basic Authentication on WebLogic9.
I have created a user and his role from the console. the same was ampped in web.xml
From my
jsp, when i click a link, i get a pop-up to enter username and password.
The Problem:
even If the user provides correct userid/password, he gets a 403 Forbidden page, instead of being forwarded to a new page.
descriptors:
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<
servlet>
<servlet-name>action</servlet-name>
<servlet-class>
org.apache.struts.action.ActionServlet
</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<!--<security-role-ref>
<role-name>admin</role-name>
<role-link>HomePageAdmin</role-link>
</security-role-ref>-->
</servlet>
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<taglib>
<taglib-uri>/WEB-INF/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
</taglib>
<taglib>
<taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/struts-html.tld</taglib-location>
</taglib>
<security-constraint>
<web-resource-collection>
<web-resource-name>adminJsp</web-resource-name>
<url-pattern>/a_admin_user_homepage.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>HomePageAdmin</role-name>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/fail.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>HomePageAdmin</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
</web-app>