4 Replies Latest reply on Aug 26, 2009 9:36 AM by Shantanu Upadhyaya

    Richfaces not getting rendered on 403 page - when using JAAS

    Shantanu Upadhyaya Newbie

      I'm trying to fix a simple problem for 2 days.

      My UI stack is as follows :
      * JSF 1.2, Facelets, Richfaces 3.2.1
      * JAAS
      * Tomcat 6


      Points to note :

      1. JAAS is working. I'm able to login into the application.
      2. Roles are working. CMA intercepts when I hit a secured resource.
      3. My login page uses <f:verbatim> , like this :

       <rich:panel id="loginPanel">
       <f:facet name="header">Login Panel</f:facet>
       <f:verbatim>
       <form method="post" action="#{testBean.securityUrl}">
       <table><tr>
       <td>User Id</td>
       <td><input type="text" name="j_username" /></td>
       </tr>
       <tr>
       <td>Password</td>
       <td><input type="password" name="j_password" /></td>
       </tr>
       <tr>
       <td align="center">
       <input type="submit" value="Login" />
       </td>
       </tr></table>
       </form>
       </f:verbatim>
       </rich:panel>
      


      4. My 403 (forbidden) page is a JSF page.
      5. I'm not using Phaselisteners / Actionlisteners / filters for JAAS.
      6. Authentication mechanism in web.xml
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>myrealm</realm-name>
       <form-login-config>
       <form-login-page>/faces/login/login.jsf</form-login-page>
       <form-error-page>/faces/login/loginerror.jsf</form-error-page>
       </form-login-config>
       </login-config>
      


      Sequence of steps for simulating the problem :
      7. Open the home page - no authentication required.
      8. Click on a link that requires a role of 'Admin'
      9. Tomcat redirects me to the login page ( JSF panels are rendered FINE )
      10. I login with a user id that DOES NOT have 'Admin' privileges.
      11. Tomcat redirects me to error403.xhtml.
       <error-page>
       <error-code>403</error-code>
       <location>/pages/errpgs/error403.jsf</location>
       </error-page>
      


      PROBLEM :
      12. error403.xhtml is NOT rendered as a Richfaces page !
      The rich menus are not getting rendered.
      Facelets work - <ui:composition> working.

      Why is error403.html a richfaces page whereas login.xhtml is not ?
      (see 12 and 6 above)


      On a side note :
      13. What I really wanted was to use a login using a rich:modalPanel. But when using JAAS, it appears the only mechanism for login is via a login page that you get redirected to when you attempt to access a restricted resource ?

      Is that right ?

      How can I use JAAS with rich:modalPanel ? How can I submit to j_security_checkl