1 Reply Latest reply on Nov 27, 2006 7:08 AM by andiwauss

not able to get the prompt asking for user password

santoshkumar Nov 13, 2006 10:23 AM

trying to test for secure a web application in JBoss AS.
added given entry in the following files

1. web.xml (under mywebapp/WEB-INF)
-------------

<servlet-name>Hello</servlet-name>
<servlet-class>HelloServlet</servlet-class>
<display-name></display-name>

<security-role-ref>
<role-name>user</role-name>
<role-link>user</role-link>
</security-role-ref>

<servlet-mapping>
<servlet-name>Hello</servlet-name>
<url-pattern>/hello</url-pattern>
</servlet-mapping>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>tw-app</realm-name>
</login-config>

<security-constraint>
<web-resource-collection>
<url-pattern>/hello</url-pattern>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>

</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-role>

<role-name>user</role-name>
</security-role>

<error-page>
<error-code>401</error-code>
/error/401.html
</error-page>

2. jboss-web.xml(under mywebapp/WEB-INF)
-------------------
<jboss-web>
<security-domain>java:/jaas/tw-app</security-domain>
</jboss-web>

3. login-config.xml (under servername\conf\login-config.xml)
----------------------
<application-policy name = "tw-app">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">props/tw-appUsers.properties</module-option>
<module-option name="rolesProperties">props/tw-appRoles.properties</module-option>
</login-module>

</application-policy>

my problem is that, while invoking the hello servlet, I am not being prompt for the user name and password as expecting to be. I am given error 404 , page not found.
but when I comment all these things, I am getting the hello msg by the hello servlet.
could any one please tell me, if I am still missing anything in any config file to get browser prompt for user name and password.

Thanks

1. Re: not able to get the prompt asking for user password

andiwauss Nov 27, 2006 7:08 AM (in response to santoshkumar)
I just faced the same problem, after updating to 4.0.5 from 4.0.3sp1.

It seems that BASIC authentication has been changed so that the prompt now is triggered after the error page, i.e. when an error page is configured there is no prompt anymore..
(I assume your 404 error code was due to not finding the 401.html)

after removing
<error-page> <error-code>401</error-code> /error/401.html </error-page>

it works again (at least for me..)..

Perhaps JBoss might want to comment on this? I´d say it´s not possible anymore (4.0.5) to define a 401-error page when having BASIC authentication (which worked with 4.0.3sp1 - i haven´t tried 4.0.4..)
Actions