[JBoss-user] [Tomcat, HTTPD, Servlets & JSP] - Form Authentication problem with jboss 3.2.8 / 4.0.3SP1

[roberto]

My WAR is configured to use FORM auth method.

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name></realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/LoginErrorPage.jsp</form-error-page>
    </form-login-config>
  </login-config>

i have also a security constraint:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>/index.html</url-pattern>
    <auth-constraint>
      <role-name>everyone</role-name>
    </auth-constraint>
  </security-constraint>

So when a user try to connect to every JSP or index.html the login form is 
open. and this works fine.

The problem occurs when credential is not valid.
The Web container must call the form-error-page so in my case 
LoginErrorPage.jsp.
But seem that web container check apply thesecurity contraint and so call again 
the form-login-page (login.jsp).

i try also to add the run-as role for login jsps.

  
    <servlet-name>login</servlet-name>
    <display-name>Login</display-name>
    Login
    <jsp-file>/login.jsp</jsp-file>
    <run-as>
      <role-name>everyone</role-name>
    </run-as>
  
  
    <servlet-name>loginError</servlet-name>
    <display-name>Login Error</display-name>
    Login Error
    <jsp-file>/LoginErrorPage.jsp</jsp-file>
    <run-as>
      <role-name>everyone</role-name>
    </run-as>
  
  <servlet-mapping>
    <servlet-name>login</servlet-name>
    <url-pattern>/login.jsp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>loginError</servlet-name>
    <url-pattern>/LoginErrorPage.jsp</url-pattern>
  </servlet-mapping>

the role everyone is well declared...

Any idea?
or it's a bug?

I think it's a bug because in every case the LoginErrorPage.jsp must run as the 
role name "everyone" and also because under WebSphere the same configuration 
works fine.

Thank You

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3928397#3928397

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3928397


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user