4 Replies Latest reply on Oct 4, 2008 10:44 AM by jatym

    FORM auth-method redirect problem

    h0ppy Jul 3, 2008 7:30 AM

      Hi,

      I'm using the form auth-method to authenticate new users to my application. The form-login-page is a simple jsf page that uses a html element to post to j_security_check. Pre-3.2.0 this was working perfrectly but after upgrading to 3.2.1GA after login I am directed to:

      <context-root>/a4j_3_2_1-SNAPSHOTorg/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jspx


      rather than the page that was origanally requested.

      Any ideas how I can get around this?

      • 4415 Views
      • Tags:
        • 1. Re: FORM auth-method redirect problem
          asavelyev
          asavelyev Jul 11, 2008 11:34 AM (in response to h0ppy)

          Having the similar issue... using jsf 1.2_07 + facelets 1.1.14 + 3.2.1GA

          After hitting login button, browser (Firefox, IE, Safari) either spits out some css(eAF7sqpgb-jyGdIAFrMEaw__.css) that get opened in notepad or just displays empty page

          From web.xml:

          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Form-Based Authentication Area</realm-name>
          <form-login-config>
          <form-login-page>/faces/login.xhtml</form-login-page>
          <form-error-page>/faces/error.xhtml</form-error-page>
          </form-login-config>
          </login-config>

          Any ideas!

            • Actions
          • 2. Re: FORM auth-method redirect problem
            jatym
            jatym Oct 2, 2008 5:15 PM (in response to h0ppy)

            Same for me !

              • Actions
            • 3. Re: FORM auth-method redirect problem
              h0ppy Oct 3, 2008 10:30 AM (in response to h0ppy)

              We fixed this problem :)

              It was caused by the resources requested by the login page (CSS etc) were also being flagged as restricted, so when you successfully logged in you were redirected to the last restricted page you requested... the CSS of the login page...

              To fix it you can specify a resource uri prefix in your web.xml


               <context-param>
 <param-name>org.ajax4jsf.RESOURCE_URI_PREFIX</param-name>
 <param-value>RichResources/</param-value>
 </context-param>


              Then you can make requests from that URI onwards unrestricted: 


              <security-constraint>
 <web-resource-collection>
 <web-resource-name>RichFaces Resource Library</web-resource-name>
 <description>
 Allow users to access pictures and css.
 </description>
 <url-pattern>/RichResources/*</url-pattern>
 </web-resource-collection>
 </security-constraint>


              Sorted. :)

                • Actions
              • 4. Re: FORM auth-method redirect problem
                jatym
                jatym Oct 4, 2008 10:44 AM (in response to h0ppy)

                Thx :)

                  • Actions