My WAR is configured to use FORM auth method. <login-config> <auth-method>FORM</auth-method> <realm-name></realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/LoginErrorPage.jsp</form-error-page> </form-login-config> </login-config>
i have also a security constraint: <security-constraint> <web-resource-collection> <web-resource-name>all</web-resource-name> <url-pattern>*.jsp</url-pattern> <url-pattern>/index.html</url-pattern> <auth-constraint> <role-name>everyone</role-name> </auth-constraint> </security-constraint> So when a user try to connect to every JSP or index.html the login form is open. and this works fine. The problem occurs when credential is not valid. The Web container must call the form-error-page so in my case LoginErrorPage.jsp. But seem that web container check apply thesecurity contraint and so call again the form-login-page (login.jsp). i try also to add the run-as role for login jsps. <servlet-name>login</servlet-name> <display-name>Login</display-name> Login <jsp-file>/login.jsp</jsp-file> <run-as> <role-name>everyone</role-name> </run-as> <servlet-name>loginError</servlet-name> <display-name>Login Error</display-name> Login Error <jsp-file>/LoginErrorPage.jsp</jsp-file> <run-as> <role-name>everyone</role-name> </run-as> <servlet-mapping> <servlet-name>login</servlet-name> <url-pattern>/login.jsp</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>loginError</servlet-name> <url-pattern>/LoginErrorPage.jsp</url-pattern> </servlet-mapping> the role everyone is well declared... Any idea? or it's a bug? I think it's a bug because in every case the LoginErrorPage.jsp must run as the role name "everyone" and also because under WebSphere the same configuration works fine. Thank You View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3928397#3928397 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3928397 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user