I'd like to configure authorization into a test webapp staged in Tomcat 6 using OpenAM. The ultimate goal/use case would be something like:
- user bob belongs to group employee
- user john belongs to group manager
- only employees and managers can access the employee.jsp page
- only managers can access the manager.jsp page
I find plenty of documentation on the authentication piece and have that configured properly in my environment. Before logging in, I can access 'public' pages (not-enforced URIs I've configured), but as soon as I try to access a protected page like "employee.jsp", I get redirected to OpenAM's login module and have to authenticate. I can authenticate as bob, who belongs to the group employee (the backing user store is an Active Directory), but after the redirect I still get access denied. How can I configure access for this? The policy agent deployed for protecting this resource is a j2ee_agent. The web agent seems more relevant, but I gathered that j2ee agents are deployed for Tomcat. Any thoughts?
Thanks.
Environment:
- webapp deployed in Tomcat 6 staged on Windows 2008 Server, with AD
- j2ee policy agent deployed in the same Tomcat 6 instance with configuration centralized in the server
- OpenAM server on a separate Linux box deployed within JBoss 7, using the Windows 2008 Server AD as user store.