0 Replies Latest reply on Apr 19, 2008 9:37 AM by cardoso

    ExtendedFormAuthenticator causes IllegalStateException in Se

    cardoso

      Hello,

      I am using the ExtendedFormAuthenticator which works fine if both username and password are correct.

      But after entering an invalid password and submitting the form, the following IllegalStateException is thrown, and therefore the error-page is not shown.

      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: testuser is NOT authenticated
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] End authenticate, principal=null
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] forwardToErrorPage
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] SessionID: 125F46B5D04395A49BFF11FD83BAF
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_username = testuser
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_password = --hidden--
      2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
      2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
      2008-04-19 14:23:07,781 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.IllegalStateException: Security Context is null
      at org.jboss.web.tomcat.security.SecurityAssociationActions$GetAuthExceptionAction.run(SecurityAssociationActions.java:168)
      at java.security.AccessController.doPrivileged(Native Method)
      at org.jboss.web.tomcat.security.SecurityAssociationActions.getAuthException(SecurityAssociationActions.java:290)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.populateSession(ExtendedFormAuthenticator.java:180)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.forwardToErrorPage(ExtendedFormAuthenticator.java:123)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.authenticate(ExtendedFormAuthenticator.java:86)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:90)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:96)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:309)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)

      Before this happens, the javax.security.auth.login.FailedLoginException was thrown by the LoginModule.

      Does anyone have an idea what is going wrong?

      Thomas