I've set up a test case for a user that is successfully authenticated but that 
is not authorized by the security-constraint to access a servlet. I've tested 
other form-based login behavior and got the expected results. Accessing a page 
requiring authentication redirects to form-login-page, invalid credentials to 
form-error-page, valid credentials for an authorized user to the initial target. 

However, when I provide valid credentials for a user that is not authorized, I 
get an HTTP Status 403 back. Other container managers I've used direct to the 
form-login-page in this situation. 

What can I do to intercept this condition and redirect to a page of my 
choosing? 

I'm using JBoss 4.0.2 and the LdapLoginModule. Again, everything works except 
for this condition. Excerpts from web.xml and the LDIF follow. usera gets in 
fine; userb gets a status 403. 

<<<<---- cut - part of web.xml - begin ---->>>> 
<security-constraint> 
  <web-resource-collection> 
    <web-resource-name>unprotected resources</web-resource-name> 
    <url-pattern>/login_placeholder.jsp</url-pattern> 
    <url-pattern>/error_placeholder.jsp</url-pattern> 
  </web-resource-collection> 
</security-constraint> 
<security-constraint> 
  <web-resource-collection> 
    <web-resource-name>protected resources</web-resource-name> 
    <url-pattern>/welcome_placeholder.jsp</url-pattern> 
  </web-resource-collection> 
  <auth-constraint> 
    <role-name>authRole</role-name> 
  </auth-constraint> 
</security-constraint> 

<!-- The Usual Welcome File List --> 
<welcome-file-list> 
  <welcome-file>/welcome_placeholder.jsp</welcome-file> 
</welcome-file-list> 

<login-config> 
  <realm-name>realm</realm-name> 
  <auth-method>FORM</auth-method> 
  <form-login-config> 
    <form-login-page>/login_placeholder.jsp</form-login-page> 
    <form-error-page>/error_placeholder.jsp</form-error-page> 
  </form-login-config> 
</login-config> 

<security-role> 
  <role-name>authRole</role-name> 
</security-role> 
<<<<---- cut - part of web.xml - end ---->>>> 

<<<<---- cut - part of LDIF - begin ---->>>> 
dn: uid=usera,ou=people,dc=acorp,dc=com 
changetype: add 
objectclass: top 
objectclass: person 
objectclass: organizationalPerson 
objectclass: inetOrgPerson 
uid: usera 
mail: [EMAIL PROTECTED] 
cn: Authorized User 
sn: User 
userpassword: {SSHA}/J+00NUgSWm/iM1KIiR2GuR+E+ugezfz 

dn: uid=userb,ou=people,dc=acorp,dc=com 
changetype: add 
objectclass: top 
objectclass: person 
objectclass: organizationalPerson 
objectclass: inetOrgPerson 
uid: userb 
mail: [EMAIL PROTECTED] 
cn: Nonauthorized User 
sn: User 
userpassword: {SSHA}XYOUSJ7BcSHQ+5viFT8Zzoo6Mb3dGoLn 

dn: cn=authRole,ou=roles,dc=acorp,dc=com 
changetype: add 
objectclass: top 
objectclass: groupofuniquenames 
cn: authRole 
description: Group of users with access to app 
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com 
<<<<---- cut - part of LDIF - end---->>>> 



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923501#3923501
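The 403 is produced by the container's authorization check, which runs only after the login has already succeeded, so the form-login-page is never consulted again for an authenticated user who lacks the role. The standard hook for that status code is an error-page mapping in web.xml; the fragment below is an added example, not part of the original post, and /forbidden.jsp is an assumed page name.

```xml
<!-- Added example (not from the original post): intercept the container's 403
     for an authenticated-but-unauthorized user and forward to a page of your own.
     The authorization step runs after a successful FORM login, so the
     form-login-page is not revisited; the error-page element is where the
     status code can be caught instead. -->

<!-- Keep the forbidden page in the unconstrained collection alongside the
     login and error pages, so a user who browses to it directly is not
     bounced into the login flow again. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>unprotected resources</web-resource-name>
    <url-pattern>/login_placeholder.jsp</url-pattern>
    <url-pattern>/error_placeholder.jsp</url-pattern>
    <url-pattern>/forbidden.jsp</url-pattern>   <!-- assumed page name -->
  </web-resource-collection>
</security-constraint>

<!-- Map HTTP 403 to the custom page. The container forwards to the location
     server-side (the client still sees status 403), so the original request
     attributes such as javax.servlet.error.request_uri are available there. -->
<error-page>
  <error-code>403</error-code>
  <location>/forbidden.jsp</location>            <!-- assumed page name -->
</error-page>
```

The forbidden page should state only that access is denied and offer a logout link; it can show who is logged in via request.getUserPrincipal() but should not list which role the resource requires.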

JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user