For others experiencing the same problem:
It seems that in jBoss3.0.1RC1 it was possible to place the login.jsp in the secured area, i.e., /* is secured and hitting /foo.jsp unauthorized redircts to /login.jsp which is also in the secured area. This dosnt seem to work in jBoss3.0.1, since the /login.jsp is secured a blank page is shown to the client, this is probably understandable so moving the login.jsp to an unsecured area solves the problem! ^Torsten > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Torsten Terp > Sent: 19. august 2002 16:19 > To: [EMAIL PROTECTED] > Subject: [JBoss-user] Strange security error going from jBoss 3.0.1RC1 > -> 3.0.1 > > > > Hi > > All access to my app is redirected to /login.jsp which uses the > DatabaseServerLoginModule to authorize and authenticate. > > Using jBoss 3.0.1RC1 this works fine, the /login.jsp contains a > form which uses the db login module. On jBoss 3.0.1 and > jBoss3.0.2RC1 from CVS, the login.jsp is empty!! It just contains > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=Content-Type content="text/html; > charset=windows-1252"></HEAD> > <BODY></BODY></HTML> > > Have anybody experienced this or know a solution? > > Below are config files: > > <jboss_home>/server/default/conf/login-config.xml: > > <application-policy name = "TestBBRealm"> > <authentication> > <login-module code = > "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> > <module-option name = > "dsJndiName">java:/TestBBDS</module-option> > <module-option name = "principalsQuery">select passwd from > employee where username = ?</module-option> > <module-option name = "rolesQuery">select > employee_has_userrole.userrole, 'Roles' from > employee_has_userrole, employee > where employee.employee_id = employee_has_userrole.employee_id and > employee.username = ?</module-option> > </login-module> > </authentication> > </application-policy> > > > war!/WEB-INF/jboss-web.xml: > > <jboss-web> > <security-domain>java:/jaas/TestBBRealm</security-domain> > </jboss-web> > > > war!/WEB-INF/web.xml: > > <security-constraint> > <web-resource-collection> > <web-resource-name>normal</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>normal</role-name> > </auth-constraint> > </security-constraint> > ... > <login-config> > <auth-method>FORM</auth-method> > <realm-name>TestBBRealm</realm-name> > <form-login-config> > <form-login-page>/login.jsp</form-login-page> > <form-error-page>/loginError.jsp</form-error-page> > </form-login-config> > </login-config> > > > > > ------------------------------------------------------- > This sf.net email is sponsored by: OSDN - Tired of that same old > cell phone? Get a new here for FREE! > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
