golgoth golgoth - 1 year ago 66
SQL Question

Jetty JDBCLoginService role based access not working

This is a follow up from this post: Jetty JDBCLoginService using null in mysql request where you can find the realm configuration.

I'm using jetty JDBCLoginService to do the authorization in my app,
i have, of course, value in my database.
the authorization part of my web.xml

Areas with authentication required
<url-pattern> /protected/* </url-pattern>
<transport-guarantee> NONE </transport-guarantee>

the login part of my backingbean:

public void login() {
ExternalContext externalContext = FacesContext.getCurrentInstance().getExternalContext();
HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
try {
Faces.login(getUsername(), getPassword());
FacesContext.getCurrentInstance().getExternalContext().redirect(request.getContextPath() + "/protected/statistiques.jsf");
catch (ServletException ex) {
FacesContext context = FacesContext.getCurrentInstance();
new FacesMessage(
} catch (IOException e) {

While using it i always get a 403 with !role in the console, if i use ** i can log into the app.

I am missing something in my backing bean or is the problem jetty related?

Answer Source

Ok so i was wissing the roles in my web.xml, eg:


it seems:


means any role kown to the app, not any role in the database.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download