I have finally got a WAR that has secured pages using JAAS. When I use
UsersRolesLoginModule, it correctly goes to my error page with a 403 error
if I login with a user who does not have the right role.
Now, I have changed to using the DatabaseServerLoginModule, and it works
correctly if I login with a user who has the correct role. It also works
correctly, (it displays an error page) if I try logging in an unknown user
or if I give a bad password. But when I give a valid user/password for a
user who lacks the correct role, JBoss 3.0.3 spits out a stack trace:
13:37:53,542 WARN [jbossweb] WARNING: AUTH FAILURE: role for aidan
13:37:53,582 WARN [jbossweb] WARNING: Exception for
/security-test/restricted/Welcome.jsp
org.apache.jasper.JasperException: No output directory: String index out
of range: -1
at
org.apache.jasper.servlet.JspServlet.loadJSP(JspServlet.java:536)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadIfNecessary(JspServlet.java:176)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:188)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:381)
at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:366)
at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:284)
at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:577)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1674)
at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:544)
at org.mortbay.http.HttpResponse.sendError(HttpResponse.java:360)
at
org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:391)
at
org.mortbay.http.HttpContext.checkSecurityContstraints(HttpContext.java:1433)
at
org.mortbay.jetty.servlet.WebApplicationContext.checkSecurityContstraints(WebApplicationContext.java:1210)
at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:225)
at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:577)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1674)
at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:544)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1624)
at org.mortbay.http.HttpServer.service(HttpServer.java:875)
at org.jboss.jetty.Jetty.service(Jetty.java:541)
at
org.mortbay.http.HttpConnection.service(HttpConnection.java:785)
at
org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:935)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:802)
at
org.mortbay.http.SocketListener.handleConnection(SocketListener.java:200)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:294)
at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:743)
at java.lang.Thread.run(Thread.java:536)
13:37:53,682 WARN [jbossweb] WARNING: Error 500 while serving error page
for 403
Any clues would be welcome.
Ciao,
Jonathan O'Connor
Ph: +353 1 872 3305
Mob: +353 86 824 9736
Fax: +353 1 873 3612
-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
