Hi, all!
Please, help me with my form based auth process... I've set up all my files and associated my loginmodule successfully, but when attempting to enter restricted area (/restricted) i have 403 error - access denied. My loginmodule has it's own log wich looks like this:
[LoginModule] -> initialize()
[LoginModule] -> login()
[LoginModule] -> commit()
And i can see that loginmodule accepted my username/password. So, i would suppose, jboss can't see my roles.properties file, but this file is in WEB-INF/classes/
And one more question is why when i use wrong username/password combination i do not see error page on my screen???
=====web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
<url-pattern>/restricted/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>authorized-user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/failed.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>authorized-user</role-name>
</security-role>
</web-app>
=====web.xml
=====roles.properties
###
test,authorized-user
=====roles.properties
What is the output on the server side, both when you deploy the application and when the problem occurs?
And what version are you using?