[jboss-user] [Security & JAAS/JBoss] - FORM auth. doesn't forward properly after login

Thu, 05 Oct 2006 02:38:41 -0700 

I'm trying to get a simple authentication on my webapp but i'm getting a weird 
problem. 

Everything works fine, I get into any page the server forwards to the login 
page, password is validated correctly against records in my db. At this point 
by other examples i've seen, the server would forward me automatically to the 
page i requested (say index.jsp). Instead of that, i get an image that's used 
at the top of index.jsp. Some other times I get the css file! It looks like it 
opens the index.jsp picks something at random from the headings and throws it 
to the response. If i then type the url to index.jsp, it lets me in and the 
session is authenticated, the problem is just on the forward after performing 
the login.. 

Has anybody any clues of why this happens? I'm doing a couple of <jsp:include 
page='headers.jsp' /> at the top, but i'm pretty sure everything's correct 
there and no exceptions ocurr inside so i don't have a clue of what's the 
problem..

These are the relevant sections of my web.xml in case it helps


  |     <security-constraint>
  |             <web-resource-collection>
  |                     <web-resource-name>Protected Pages</web-resource-name>
  |                     <url-pattern>/*</url-pattern>
  |                     <http-method>GET</http-method>
  |                     <http-method>POST</http-method>
  |             </web-resource-collection>
  |       <auth-constraint>
  |          <role-name>User</role-name>
  |       </auth-constraint>
  |      
  |       <user-data-constraint>
  |          <transport-guarantee>NONE</transport-guarantee>
  |       </user-data-constraint>
  |     </security-constraint>
  | 
  |   <security-role>
  |     <description>Authorized to access everything</description>
  |     <role-name>Admin</role-name>
  |   </security-role>
  | 
  |   <security-role>
  |     <description>Authorized to limited access</description>
  |     <role-name>User</role-name>
  |   </security-role>  
  | 
  | 
  |     <login-config>
  |             <auth-method>FORM</auth-method>
  |             <form-login-config>
  |                     <form-login-page>/login.jsp</form-login-page>
  |                     
<form-error-page>/errorPages/loginError.jsp</form-error-page>
  |             </form-login-config>
  |     </login-config>
  | 

Many thanks

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3976259#3976259

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3976259
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to