Tomcat/JBoss Web Authentication Bug

kerryjordan Sep 4, 2008 11:43 AM

There was a form-based authentication bug in Tomcat 6.0.10 code that was corrected in version 6.0.14. In particular, a FireFox user would be displayed the login form again instead of the correct requested resource AFTER authentication was successful. This was reported as Tomcat Bug 43687 (https://issues.apache.org/bugzilla/show_bug.cgi?id=43687).

As I understand it, my implementation of JBoss (4.2.2.GA) uses JBoss Web 2 which is almost identical to the Tomcat 6.0.10 code and duplicates the Tomcat bug discussed above. How do I upgrade the JBoss Web 2 implementation to include the Tomcat 6.0.14 fix I need?

Thanks,
Kerry

1. Re: Tomcat/JBoss Web Authentication Bug

starksm64 Sep 4, 2008 12:53 PM (in response to kerryjordan)

I created https://jira.jboss.org/jira/browse/JBWEB-119 to track what version the fix is in. The jbossweb version in jbossas 4.2.2.GA was 2.0.1.GA. You could try the 2.1.0.GA from:

http://www.jboss.org/jbossweb/downloads/jboss-web/
Actions
2. Re: Tomcat/JBoss Web Authentication Bug

kerryjordan Sep 4, 2008 2:38 PM (in response to kerryjordan)

Thanks for the info!

This may seem like a stupid question, but how do I install a newer version of JBoss Web over the version in JBoss AS? I was unable to find a directory tree similar between the two applications to simply write over the old files.

Kerry
Actions

Go to original post