hi all, I really need help about access a servlet (which will open an ejb) using Realm authentication with users and roles textfiles. i'm using JBoss 3.0.6 and tomcat 4.1.18. here an extract from login-config.xml <application-policy name = "cliente"> <authentication> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name = "usersProperties">users.properties</module-option> <module-option name = "rolesProperties">roles.properties</module-option> <module-option name = "unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy> and i think i correctly wrote all other files like jboss.xml, web.xml, jboss-web.xml, ejb-jar.xml. my problem is: when I type the URL i've protected i'm asked for user/pass, i put my user/pass and i'm rejected from the system, with the message "HTTP Status 403 - Access to the requested resource has been denied" - Tomcat 4.1.18. then, if I type that URL again i'm not being asked for credentials anymore, and sent directly to error 403 page. maybe is something about libraries and directory? (jaas.jar i.e.) thank you all Riccardo
kiran nori
Greenhorn
Joined: May 28, 2001
Posts: 12
posted
0
I'm not sure about JBOSS configuration. The first time u try to access the page you get the tomcat prompt trying to authenticate you. This details wil be stored in the borwser cache. tomcat uses these from the cache to authenticate the next time a URL of the same server is accesses. That's the main reason why the second time U r directly taken to a Error 403 page without asking for authentication. the best method is to close the browser and use a new window for the URLs. Hope I have answered a part of ur question. Rgds Kiran
v kieu
Greenhorn
Joined: Apr 26, 2004
Posts: 1
posted
0
Hi, I have similar issue hope that you or anyone can help. When I access the protected url I get user/pass dialog box...after I entered the correct user credential, I then access a url that are not been protected, I get pricipal=Anonymous. Should credential be inheret? I test with other application like bea an it does not behave that way... Also when I deploy to JBoss 3.2.3 I get a Warning: 14:54:46,360 WARN [EmbeddedTomcatService] Unable to invoke setDelegate on class loader rg.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@15b4b49 Could this be the thing that cause this problem, if so how can I fix this? Please help.
Originally posted by kiran nori: I'm not sure about JBOSS configuration. The first time u try to access the page you get the tomcat prompt trying to authenticate you. This details wil be stored in the borwser cache. tomcat uses these from the cache to authenticate the next time a URL of the same server is accesses. That's the main reason why the second time U r directly taken to a Error 403 page without asking for authentication. the best method is to close the browser and use a new window for the URLs. Hope I have answered a part of ur question. Rgds Kiran
0
rg.jboss.web.tomcat.tc4.WebCtxLoader$ENCLoader@15b4b49
