hello,
I have a web-application running under JBoss 4.0.1sp1. I use basic authentication on my web-application. It seems like the login mechanism is working fine; I am able to log in to my main web-page. But when I try to access any further pages from there, I get a 401-error (which means unauthorized):
2005-09-21 09:41:19,407 ERROR [STDERR] javax.servlet.jsp.JspException: Exception reading resource http://localhost/sid-admin/topmenu.jsp: java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost/sid-admin/topmenu.jsp
<!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <description>Security constraint for sid-admin</description> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>sid-administrator</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>SID Administration</realm-name> </login-config> <security-role> <description>A user allowed to invoke the sid-admin application</description> <role-name>sid-administrator</role-name> </security-role>
<application-policy name="sid-administrator"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/OracleDS</module-option> <module-option name="principalsQuery">select password from xyz_user where user_name=?</module-option> <module-option name="rolesQuery">select role, 'Roles' from xyz_user_role where user_name=?</module-option> </login-module> </authentication> </application-policy>