Problem with jboss login

Tejas Gokhale
Greenhorn

Joined: Nov 21, 2005
Posts: 24
Hi,
I have two roles for which I have two different security constraints configured. I am using the JBoss DatabaseServerLoginModule with form-based authentication.
If I give completely wrong credentials, then the error page is shown properly.
But if I ask for a page which role1 is authorised to see and give the login credentials of role2, then instead of showing the error page it shows me an HTTP 403 Forbidden error, though I have configured error.jsp in login-config.
Please help me: why is this happening?


Regards, Tejas Gokhale
SCJP 1.4
Wiley Snyder
Greenhorn

Joined: Oct 26, 2005
Posts: 23
You need a welcome page in your descriptor that on authentication the user has access to ...

<welcome-file-list>
<welcome-file>members.jsp</welcome-file>
</welcome-file-list>
Tejas Gokhale
Greenhorn

Joined: Nov 21, 2005
Posts: 24
I have actually added the welcome page. But even then the error is coming. Please help?
Following is the descriptor.

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
<!-- It's required that display name be as specified -->

<display-name>PartnerPortal</display-name>

<!-- Action Servlet Configuration -->
<servlet>
<servlet-name>action</servlet-name>
<servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/struts-config.xml</param-value>
</init-param>

<load-on-startup>1</load-on-startup>
</servlet>


<!-- Action Servlet Mapping -->
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Session time out set to 30 min. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>

<!-- Welcome file list -->
<welcome-file-list>
<welcome-file>/web/jsp/login/login.jsp</welcome-file>
</welcome-file-list>

<!-- ******************************************************************* -->
<!-- ***** taglibs ***************************************************** -->
<!-- ******************************************************************* -->
<taglib>
<taglib-uri>/WEB-INF/lib/struts-html.tld</taglib-uri>
<taglib-location>/WEB-INF/lib/struts-html.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/lib/struts-bean.tld</taglib-uri>
<taglib-location>/WEB-INF/lib/struts-bean.tld</taglib-location>
</taglib>

<taglib>
<taglib-uri>/WEB-INF/lib/struts-logic.tld</taglib-uri>
<taglib-location>/WEB-INF/lib/struts-logic.tld</taglib-location>
</taglib>



<!-- #################################################### -->
<!-- Added by sunil for jboss login module implementation -->
<security-constraint>
<web-resource-collection>
<web-resource-name>adminresource</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/adminmenu.do</url-pattern>
<url-pattern>/web/jsp/change_password.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>reselleruserresource</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/resellerSetup.do</url-pattern>
<url-pattern>/resellerProduct.do</url-pattern>
<url-pattern>/adsl.do</url-pattern>
<url-pattern>/pstn.do</url-pattern>
<url-pattern>/isdn.do</url-pattern>
<url-pattern>/llvpn.do</url-pattern>
<url-pattern>/llvpnpp.do</url-pattern>
<url-pattern>/lesvpn.do</url-pattern>
<url-pattern>/lespp.do</url-pattern>
<url-pattern>/sdsl.do</url-pattern>

<url-pattern>/web/jsp/reseller_user/JBossStartGuide.pdf</url-pattern>
<url-pattern>/web/jsp/change_password.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>reselleruser</role-name>
</auth-constraint>

</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>login</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/forgotpassword.*</url-pattern>
<url-pattern>/home.do</url-pattern>
<url-pattern>/disclaimer.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

</security-constraint>


<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/web/jsp/login/login.jsp</form-login-page>
<form-error-page>/web/jsp/login/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>reselleruser</role-name>
</security-role>

<!-- End of Addition by sunil for jboss login module implementation -->
<!-- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ -->


</web-app>
Heonkoo Lee
Ranch Hand

Joined: Feb 10, 2005
Posts: 85
The welcome file list configuration has nothing to do with getting the status code 403 Forbidden. Users in both role1 and role2 are authenticated to the web app if they log in with the correct username and password. The login error page is only displayed when a login fails.

The reason the user in role2 is getting a 403 error (different from a login error) is that only users in role1 are authorized to access that resource.

Hope this helps.

Regards,
Tejas Gokhale
Greenhorn

Joined: Nov 21, 2005
Posts: 24
All that is absolutely correct. But my problem is: why is it showing that ugly error on screen when I have configured loginerror.jsp in the login-config tags?
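An added example, not part of the original thread: the container serves form-error-page only when authentication fails, while a failed role check is answered with status 403, which gets a custom page only through an error-page element mapped to error code 403 (in the 2.3 DTD it goes between welcome-file-list and taglib). The Python sketch below models that decision over a constructed descriptor trimmed from the one posted above; the error-page entry and forbidden.jsp are assumptions, and it assumes exact URL patterns and that every matching constraint names at least one role.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor, trimmed from the one posted in the thread. The
# <error-page> element and the forbidden.jsp path are assumptions added here.
WEB_XML = """<web-app>
  <error-page>
    <error-code>403</error-code>
    <location>/web/jsp/login/forbidden.jsp</location>
  </error-page>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/adminmenu.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/web/jsp/login/login.jsp</form-login-page>
      <form-error-page>/web/jsp/login/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

FORM = "login-config/form-login-config/"


def outcome(web_xml, path, logged_in=None, roles=frozenset()):
    """What the container serves for `path` (exact URL patterns only).

    logged_in: None = no login yet, False = bad credentials, True = valid.
    """
    root = ET.fromstring(web_xml)
    required = set()
    for sc in root.iter("security-constraint"):
        if path in [u.text for u in sc.iter("url-pattern")]:
            required |= {r.text for r in sc.iter("role-name")}
    if not required:
        return path                                      # unprotected resource
    if logged_in is None:
        return root.findtext(FORM + "form-login-page")   # authentication needed
    if logged_in is False:
        return root.findtext(FORM + "form-error-page")   # authentication failed
    if required & set(roles):
        return path                                      # authorized
    for ep in root.iter("error-page"):                   # authorization failed
        if ep.findtext("error-code") == "403":
            return ep.findtext("location")
    return "HTTP 403 (container default page)"
```

Calling outcome(WEB_XML, "/adminmenu.do", True, {"reselleruser"}) returns the forbidden.jsp location; without the 403 mapping the same call falls through to the container's default 403 page, which is the behaviour described in the thread.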