I'm testing out container managed authentication/authorization in JBoss (4.0.3RC2) and I have run into a problem. When I attempt to access a secured resource, instead of the container redirecting to the specified login page for authentication, it simply displays a 403 Access Denied error (I don't have a custom 403 error page).
Below are the specifics of my application: My directory structure: | index.jsp | main.jsp | login.jsp | login-error.jsp | secure/ | secure1.jsp | WEB-INF/ | web.xml | jboss-web.xml | classes/ | lib/ | My web.xml: | <web-app> | | <security-constraint> | <web-resource-collection> | <web-resource-name>Secured</web-resource-name> | <url-pattern>/secure/*</url-pattern> | </web-resource-collection> | <user-data-constraint> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | | <login-config> | <auth-method>FORM</auth-method> | <realm-name>test-jaas</realm-name> | <form-login-config> | <form-login-page>/login.jsp</form-login-page> | <form-error-page>/login-error.jsp</form-error-page> | </form-login-config> | </login-config> | | </web-app> | My jboss-web.xml: | <jboss-web> | <security-domain>java:/jaas/test-jaas</security-domain> | </jboss-web> | My login-config.xml: | <policy> | <application-policy name="test-jaas"> | <authentication> | <login-module | code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> | <module-option name="dsJndiName">java:TestJaasDS</module-option> | <module-option name="principalsQuery">SELECT pin FROM user WHERE username = ?</module-option> | <module-option name="rolesQuery">SELECT ur.role, 'Roles' FROM user_role ur LEFT OUTER JOIN user u ON ur.fk_user = u.ikey WHERE u.username = ?</module-option> | </login-module> | </authentication> | </application-policy> | </policy> | My login-service.xml: | <server> | <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" | name="tasconline:service=DynamicLoginConfig"> | <attribute name="AuthConfig">login-config.xml</attribute> | <depends optional-attribute-name="LoginConfigService"> | jboss.security:service=XMLLoginConfig | </depends> | <depends optional-attribute-name="SecurityManagerService"> | jboss.security:service=JaasSecurityManager | </depends> | </mbean> | </server> | My application.xml: | <application> | | <display-name>test-jaas</display-name> | | <module> | <web> | <web-uri>test-jaas.war</web-uri> | <context-root>/test-jaas</context-root> | </web> | </module> | | </application> | My jboss-app.xml: | <jboss-app> | <module> | <service>test-jaas-ds.xml</service> | </module> | <module> | <service>login-service.xml</service> | </module> | </jboss-app> | Specifically, this error occurs when I attempt to access the http://localhost:8080/test-jaas/secure/secure1.jsp. Any ideas? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3897484#3897484 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3897484 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
