1 Reply Latest reply on Dec 6, 2010 11:48 AM by aartir

After jaas implementation , we see the username and password in url on incorrect login

aartir Aug 3, 2010 5:42 PM

Hi,

We have jboss-4.2.2GA , after implementing JAAS , whenever a user has an incorrect login then we see the url /password like below

is there any way we can stop this?

I check the FormAuthenticator.class where we forward to error page

RequestDispatcher disp =

context.getServletContext().getRequestDispatcher(config.getErrorPage());

disp.forward(request.getRequest(), response.getResponse())

So this way request has these parameters and its shown in the url when it forwards to error page.

Is there any configuration or any new version of jar .. where this issue is fixed?

Quick response is appreciated , we have customers complaining on this and we need to fix it.

1. Re: After jaas implementation , we see the username and password in url on incorrect login

aartir Dec 6, 2010 11:48 AM (in response to aartir)

Can you please let us know if there was any patch in new relases of jboss to fix this issue? Or is it that there is something wrong in that we are doing?
Actions