4 Replies Latest reply on Aug 26, 2009 9:36 AM by Shantanu Upadhyaya

    Richfaces not getting rendered on 403 page - when using JAAS

    Shantanu Upadhyaya Newbie

      I'm trying to fix a simple problem for 2 days.

      My UI stack is as follows :
      * JSF 1.2, Facelets, Richfaces 3.2.1
      * JAAS
      * Tomcat 6

      Points to note :

      1. JAAS is working. I'm able to login into the application.
      2. Roles are working. CMA intercepts when I hit a secured resource.
      3. My login page uses <f:verbatim> , like this :

       <rich:panel id="loginPanel">
       <f:facet name="header">Login Panel</f:facet>
       <form method="post" action="#{testBean.securityUrl}">
       <td>User Id</td>
       <td><input type="text" name="j_username" /></td>
       <td><input type="password" name="j_password" /></td>
       <td align="center">
       <input type="submit" value="Login" />

      4. My 403 (forbidden) page is a JSF page.
      5. I'm not using Phaselisteners / Actionlisteners / filters for JAAS.
      6. Authentication mechanism in web.xml

      Sequence of steps for simulating the problem :
      7. Open the home page - no authentication required.
      8. Click on a link that requires a role of 'Admin'
      9. Tomcat redirects me to the login page ( JSF panels are rendered FINE )
      10. I login with a user id that DOES NOT have 'Admin' privileges.
      11. Tomcat redirects me to error403.xhtml.

      PROBLEM :
      12. error403.xhtml is NOT rendered as a Richfaces page !
      The rich menus are not getting rendered.
      Facelets work - <ui:composition> working.

      Why is error403.html a richfaces page whereas login.xhtml is not ?
      (see 12 and 6 above)

      On a side note :
      13. What I really wanted was to use a login using a rich:modalPanel. But when using JAAS, it appears the only mechanism for login is via a login page that you get redirected to when you attempt to access a restricted resource ?

      Is that right ?

      How can I use JAAS with rich:modalPanel ? How can I submit to j_security_checkl