Richfaces not getting rendered on 403 page - when using JAAS
shantanu.u Aug 21, 2009 9:52 AMI'm trying to fix a simple problem for 2 days.
My UI stack is as follows :
* JSF 1.2, Facelets, Richfaces 3.2.1
* JAAS
* Tomcat 6
Points to note :
1. JAAS is working. I'm able to login into the application.
2. Roles are working. CMA intercepts when I hit a secured resource.
3. My login page uses <f:verbatim> , like this :
<rich:panel id="loginPanel"> <f:facet name="header">Login Panel</f:facet> <f:verbatim> <form method="post" action="#{testBean.securityUrl}"> <table><tr> <td>User Id</td> <td><input type="text" name="j_username" /></td> </tr> <tr> <td>Password</td> <td><input type="password" name="j_password" /></td> </tr> <tr> <td align="center"> <input type="submit" value="Login" /> </td> </tr></table> </form> </f:verbatim> </rich:panel>
4. My 403 (forbidden) page is a JSF page.
5. I'm not using Phaselisteners / Actionlisteners / filters for JAAS.
6. Authentication mechanism in web.xml
<login-config> <auth-method>FORM</auth-method> <realm-name>myrealm</realm-name> <form-login-config> <form-login-page>/faces/login/login.jsf</form-login-page> <form-error-page>/faces/login/loginerror.jsf</form-error-page> </form-login-config> </login-config>
Sequence of steps for simulating the problem :
7. Open the home page - no authentication required.
8. Click on a link that requires a role of 'Admin'
9. Tomcat redirects me to the login page ( JSF panels are rendered FINE )
10. I login with a user id that DOES NOT have 'Admin' privileges.
11. Tomcat redirects me to error403.xhtml.
<error-page> <error-code>403</error-code> <location>/pages/errpgs/error403.jsf</location> </error-page>
PROBLEM :
12. error403.xhtml is NOT rendered as a Richfaces page !
The rich menus are not getting rendered.
Facelets work - <ui:composition> working.
Why is error403.html a richfaces page whereas login.xhtml is not ?
(see 12 and 6 above)
On a side note :
13. What I really wanted was to use a login using a rich:modalPanel. But when using JAAS, it appears the only mechanism for login is via a login page that you get redirected to when you attempt to access a restricted resource ?
Is that right ?
How can I use JAAS with rich:modalPanel ? How can I submit to j_security_checkl