403 Access Denied instead of redirect to login page ...
michael.c.small Sep 27, 2005 6:06 PMI'm testing out container managed authentication/authorization in JBoss (4.0.3RC2) and I have run into a problem. When I attempt to access a secured resource, instead of the container redirecting to the specified login page for authentication, it simply displays a 403 Access Denied error (I don't have a custom 403 error page).
Below are the specifics of my application:
My directory structure:
index.jsp main.jsp login.jsp login-error.jsp secure/ secure1.jsp WEB-INF/ web.xml jboss-web.xml classes/ lib/
My web.xml:
<web-app> <security-constraint> <web-resource-collection> <web-resource-name>Secured</web-resource-name> <url-pattern>/secure/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>test-jaas</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.jsp</form-error-page> </form-login-config> </login-config> </web-app>
My jboss-web.xml:
<jboss-web> <security-domain>java:/jaas/test-jaas</security-domain> </jboss-web>
My login-config.xml:
<policy> <application-policy name="test-jaas"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:TestJaasDS</module-option> <module-option name="principalsQuery">SELECT pin FROM user WHERE username = ?</module-option> <module-option name="rolesQuery">SELECT ur.role, 'Roles' FROM user_role ur LEFT OUTER JOIN user u ON ur.fk_user = u.ikey WHERE u.username = ?</module-option> </login-module> </authentication> </application-policy> </policy>
My login-service.xml:
<server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="tasconline:service=DynamicLoginConfig"> <attribute name="AuthConfig">login-config.xml</attribute> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> </server>
My application.xml:
<application> <display-name>test-jaas</display-name> <module> <web> <web-uri>test-jaas.war</web-uri> <context-root>/test-jaas</context-root> </web> </module> </application>
My jboss-app.xml:
<jboss-app> <module> <service>test-jaas-ds.xml</service> </module> <module> <service>login-service.xml</service> </module> </jboss-app>
Specifically, this error occurs when I attempt to access the http://localhost:8080/test-jaas/secure/secure1.jsp. Any ideas?