I've configured my Java EE app to use declarative security with JAAS (I've even implemented a custom LoginModule). The problem is that every time I change the url path (e.g. from http://mysite/restricted to http://mysite/restricted/configs), the system asks me to login again!!!!
After searching a little I found out that a new Session is being created every time I change the directory (there are cookies for each path). So I guess that the authentication is done for the开发者_如何学运维 session (seems obvious). But... how do I solve this? I need subdirectories to apply security by linking them with roles (role X can access /restricted/some-function/*). Also, I need that some roles (e.g. Manager) have access to all subdirectories without needing to login everytime.
What am I missing?
You should set the path of your cookies to /.
For Tomcat: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html (Search for sessionCookiePath.)
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论