I am trying to add an image to my authentication form but the security credentials keep it from showing, even though the image is not part of the restricted urls.
Am I doing something wrong with the security descriptors that block all my pages?
Here is my web.xml
<security-constraint>
<display-name>activedir</display-name>
<web-resource-collection>
<web-resource-name>activedir</web-resource-name>
<description/>
<url-pattern>/activedir/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>USER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>security</realm-name>
<form-login-config>
<form-login-page>/login/login.html</form-login-page>
<form-error-page>/login/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>USER</role-name>
</security-role>
<security-role>
<description/>
<role-name>ADMIN</role-name>
</security-role>
And here is my glassfish-web.xml
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>ADMIN</group-name>
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>ADMIN</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER</role-name>
<group-name>USER</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
My folder tree is as follows:
activedir
- index.jsp
- result.jsp
login
- login.html
- error.html
- logo.png
- style.css
Now when I authenticate, it does not return to the web page I requested, instead it will redirect to the image.
Am I doing something wrong here?
Thanks for the help!