Protected pages not protected...
Hello,
I use Sun Java System Application Server Platform Edition 9.0 Update 1 Patch 1 and NetBeans 5.5.
I have tried to protect some pages like it is explained in the page http://testwww.netbeans.org/kb/articles/security-webapps.html but the protected pages are not protected at all: no form is displayed to ask me the name and the password of the user and the protected pages are displayed. I have certainly made a basic error but I cannot find it.
Please, can you help me?
Thanks in advance for your answers.
Richard
Here are the web.xml and the sun-web.xml of my application.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>AdminConstraint</display-name>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<description>Admin zone</description>
<url-pattern>/secureAdmin/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>UserConstraint</display-name>
<web-resource-collection>
<web-resource-name>User</web-resource-name>
<description>User zone</description>
<url-pattern>/secureUser/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<description>Administrators</description>
<role-name>Admin</role-name>
</security-role>
<security-role>
<description>User</description>
<role-name>User</role-name>
</security-role>
</web-app>
sun-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
<context-root>/WebApplicationSecurity</context-root>
<security-role-mapping>
<role-name>Admin</role-name>
<principal-name>admin</principal-name>
</security-role-mapping>
<security-role-mapping>
<role-name>User</role-name>
<principal-name>user</principal-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="classdebuginfo" value="true">
<description>Enable debug info compilation in the generated servlet class</description>
</property>
<property name="mappedfile" value="true">
<description>Maintain a one-to-one correspondence between static content and the generated servlet class' java code</description>
</property>
</jsp-config>
</sun-web-app>
PS. When I start the server, an error is displayed but the server starts nevertheless:
Could not load Logmanager "com.sun.enterprise.server.logging.ServerLogManager"
java.lang.ClassNotFoundException: com.sun.enterprise.server.logging.ServerLogManager
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
.......
