Using the default JAAS mechanism in WebSphere makes applications access the context path of the other
posted 5 years ago
Good Day Guys!
I have a problem with JAAS using WebSphere version 7.0.1. Currently I have set up JAAS form-based login in my application, and I have not developed any CustomLoginModule, hence I am just using the WebSphere LoginModule by default to implement JAAS in my applications. I have also set up my web.xml for the security-constraint and the roles. In my WebSphere, I have Single Sign-On configured, since I want that whenever a user logs in to a certain web application, he or she doesn't need to log in again when he/she accesses the other applications deployed in my WebSphere application server.
So basically, I have two web applications deployed in WebSphere that are using JAAS login authentication; roles have been defined and set up. The thing is, when I open a browser such as Firefox and enter the URL for app1 in the browser path, then open a new tab and enter the URL of app2 in the browser path, and click back to the first tab where app1 resides, after which I enter my username and password to log in, the problem occurs when the user is not authenticated: JAAS is forwarding me to the error message of the 2nd app, which I found very weird because even the context path in the browser has changed from app1 to app2. I am wondering if this is a known problem, or is there any configuration I need to do to fix this problem?
By the way, the security role mappings to users and groups are set as All Authenticated on Users for both applications. My friend said I need to define users and set the All Authenticated to Users to None to solve my problem. Is this correct? If it is, does this mean I need to map all users that should have access only to app1 to fix this problem, and the same for App2? Will the problem occur if there is a chance that users in web app 1 also exist as users in web app 2, since there is a case that some users in web app 1 will have access to web app 2 and vice versa?
PROBLEM: Using Firefox, open 2 tabs, enter the URL of app1 in the 1st tab, and enter the URL of app2 in the 2nd tab. Go back to the 1st tab, enter username and password, and click login. The problem is that when the user is not authenticated, the user should go back to the login page as set up, but the user is being forwarded to the error page/login page of app2. The evidence was that the URL path in tab 1 suddenly switched to the context path of web app 2.
SETUP: Using WebSphere v7.0.1, form-based authentication using j_security_check, j_username, j_password and ibm_security_logout, filters, web.xml has roles defined JAAS, default LoginModule by WebSphere, SSO enabled, All Authenticated to User is set as role-security-group/user-mapping.