Working with JBoss AS 7.1.1 Final, configuration standalone-full.xml.
Authenticating against local LDAP (Apache DS)
Configured FORM authentication in web.xml
If authentication fails, I find my password verbose in the address bar of my browser:
http://localhost:8080/myApp/loginerror.jsf?windowId=ade&j_username=molle&j_password=mySecret
Of course I don't want to see the password anywhere.
I can't find any point in my application code that could cause this behaviour.
Can this be a JBoss problem?
Thanks for your hints,
Thomas