Enabling Java EE Security in OpenShift Application

By default, a few of the security features are turned off in the OpenShift JBoss 7.1 cartridge. If you want to use the Java EE security features, you first need to define your security roles and constraints in your deployment descriptor, e.g. web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app>
        <!-- ... -->
        <security-role>
            <role-name>admin</role-name>
        </security-role>
        <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                <form-login-page>/admin/login.xhtml</form-login-page>
                <form-error-page>/admin/login.xhtml?error=1</form-error-page>
            </form-login-config>
        </login-config>
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Modify questions section</web-resource-name>
                <url-pattern>/admin/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>admin</role-name>
            </auth-constraint>
        </security-constraint>
    </web-app>

(I’ve omitted the login form source code as it’s not the main point here....
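A descriptor like the one above protects only what it names, so a small check over web.xml can catch two common mistakes: an auth-constraint role that has no matching security-role, and a constraint narrowed by http-method, which leaves every other method unconstrained. This is an added example, not code from the original post; the second constraint in the sample (`/reports/*`, role `auditor`) and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security section from the article, plus one
# hypothetical constraint (/reports/*) that triggers both findings.
SAMPLE_WEB_XML = """<web-app>
  <security-role><role-name>admin</role-name></security-role>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/reports/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]

def texts(node, name):
    """Text of every descendant element called `name`, namespace ignored."""
    return [(e.text or "").strip() for e in node.iter() if local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return a list of findings for the security section of a web.xml."""
    root = ET.fromstring(xml_text)
    declared = {r for e in root if local(e.tag) == "security-role"
                for r in texts(e, "role-name")}
    findings = []
    for sc in (e for e in root if local(e.tag) == "security-constraint"):
        patterns = ",".join(texts(sc, "url-pattern"))
        for auth in (e for e in sc if local(e.tag) == "auth-constraint"):
            for role in texts(auth, "role-name"):
                # "*" means "any declared role" and needs no declaration.
                if role != "*" and role not in declared:
                    findings.append(f"{patterns}: role '{role}' has no <security-role>")
        methods = texts(sc, "http-method")
        if methods:  # only the listed methods are covered by this constraint
            findings.append(f"{patterns}: only {'/'.join(methods)} constrained")
    return findings
```

Running `audit_web_xml` on the article's own descriptor returns an empty list, since `admin` is declared and the `/admin/*` constraint names no `http-method`.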

September 29, 2012 · 2 min