Title: Use Role-Based Security In Servlets

Describe the issue:

https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html-single/Development_Guide/index.html#Use_Role-Based_Security_In_Servlets

Procedure 14.2. Add Role-Based Security to Servlets, step 2 has incorrect xml

It needs to become:

    <security-constraint>
      <display-name>Restrict access to role eap_admin</display-name>
      <web-resource-collection>
        <web-resource-name>Restrict access to role eap_admin</web-resource-name>
        <url-pattern>/DisplayOpResult/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>eap_admin</role-name>
      </auth-constraint>
    </security-constraint>

    <security-role>
      <role-name>eap_admin</role-name>
    </security-role>

e.g. the security role is defined outside of the constraint.

The example is also missing a login-config element. Example:

    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>

A note should be added along these lines:

------
You need to specify the authentication method, which can be BASIC, FORM, DIGEST, CLIENT-CERT, SPNEGO. In this example we use BASIC for simplicity.
------

Lastly, it would be good to summarize the full web.xml:

    <web-app xmlns="http://java.sun.com/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
             version="3.0">

      <display-name>Use Role-Based Security In Servlets</display-name>

      <welcome-file-list>
        <welcome-file>/index.jsp</welcome-file>
      </welcome-file-list>

      <servlet-mapping>
        <servlet-name>DisplayOpResult</servlet-name>
        <url-pattern>/DisplayOpResult</url-pattern>
      </servlet-mapping>

      <security-constraint>
        <display-name>Restrict access to role eap_admin</display-name>
        <web-resource-collection>
          <web-resource-name>Restrict access to role eap_admin</web-resource-name>
          <url-pattern>/DisplayOpResult/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>eap_admin</role-name>
        </auth-constraint>
      </security-constraint>

      <security-role>
        <role-name>eap_admin</role-name>
      </security-role>

      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>
    </web-app>
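
A small lint for the problems this report raises (a security-role nested inside the constraint, a missing login-config, a role used without a top-level declaration), as an added example that is not part of the original report or the JBoss documentation. The function name lint_web_xml and both sample documents are constructed here for illustration.

```python
import xml.etree.ElementTree as ET

NS = 'xmlns="http://java.sun.com/xml/ns/javaee" version="3.0"'
ROLE = "<security-role><role-name>eap_admin</role-name></security-role>"
CONSTRAINT = """<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restrict access to role eap_admin</web-resource-name>
    <url-pattern>/DisplayOpResult/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>eap_admin</role-name></auth-constraint>
  %s
</security-constraint>"""
# Constructed samples: BROKEN nests the role and omits login-config,
# FIXED follows the layout proposed in the report.
BROKEN = f"<web-app {NS}>{CONSTRAINT % ROLE}</web-app>"
FIXED = (f"<web-app {NS}>{CONSTRAINT % ''}{ROLE}"
         "<login-config><auth-method>BASIC</auth-method></login-config></web-app>")

def local(tag):
    """Strip the XML namespace so the check works for any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """Direct children of elem with the given local name."""
    return [c for c in elem if local(c.tag) == name]

def lint_web_xml(xml_text):
    """Return findings for the role-based security parts of a web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    constraints = children(root, "security-constraint")
    # Only roles declared directly under <web-app> count as declared.
    declared = {r.text.strip() for sr in children(root, "security-role")
                for r in children(sr, "role-name") if r.text}
    for sc in constraints:
        if any(local(e.tag) == "security-role" for e in sc.iter()):
            findings.append("security-role nested inside security-constraint")
        for ac in children(sc, "auth-constraint"):
            for r in children(ac, "role-name"):
                role = (r.text or "").strip()
                if role != "*" and role not in declared:
                    findings.append(f"role '{role}' used but not declared")
    login = children(root, "login-config")
    if constraints and not login:
        findings.append("security-constraint present but no login-config")
    elif login and not children(login[0], "auth-method"):
        findings.append("login-config has no auth-method")
    return findings

if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_web_xml(doc) or "ok")
```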
These changes have been made in revision 471360. Thanks!
The amended text is available at [1]. When validating the changes, confirm that you're viewing revision 1.0-58 or later.

[1] http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_JBoss_Enterprise_Application_Platform/6.1.1/html/Security_Guide/Use_Role-Based_Security_In_Servlets.html
Verified on the stage (6.1, 6.1.1, 6.2).