8 Replies Latest reply on Nov 29, 2011 5:28 AM by Radim Hanus

    problems while using both RF4 and FORM authentication

    Radim Hanus Expert

      Hi all,

       

      while evaluating richfaces4 in jboss6 I've tried to add security constrains into my sample application but after successful login instead of displaying welcome page following page is shown:

       

      https://192.168.1.10:8443/myapp/faces/rfRes/skinning.ecss?db=eAFLq7x7HgAFkAKM

       

      then when I press browser back button then welcome page is diplayed as expected

       

      I've searched both forum and issues and found some related topics like a RF-2985 but it didn't help

       

      Thank you in advance for hints,

      Radim

        • 1. Re: myapp/faces/rfRes/skinning.ecss output after login
          Nick Belaevski Master

          Hi Radim,

           

          You shoiuld not enforce security for JSF resources, do it only for pages.

          • 2. Re: myapp/faces/rfRes/skinning.ecss output after login
            Radim Hanus Expert

            Hi Nick,

             

            I've tried my best but no luck

            I made as simple as possible jsf2/rf4 application with login and can reproduce the problem above

            maybe I missed something but really I don't know what's wrong

             

            please check application jsf2demo.war

            deploy into jboss6 default, navigate to http://localhost:8080/demo, use admin:admin credential

             

            Thanks,

            Radim

            • 3. Re: myapp/faces/rfRes/skinning.ecss output after login
              Radim Hanus Expert

              when I try to log in with admin:admin credential following page is dispalyed:

              http://localhost:8080/demo/rfRes/skinning.ecss.xhtml?db=eAHL6rC8BQAEkAIG

               

              input, select, textarea, button, keygen, isindex, legend, a {
                 font-size: 11px;
                 font-family: Arial, Verdana, sans-serif ;
                 color: #000000;
              }
              fieldset {
                 border-width: 1px;
                 border-style: solid;
                 padding: 10px;
                 border-color: #C4C0B9;
              }
              hr {
                 border-width: 1px;
                 border-style: solid;
                 border-color: #C4C0B9;
              }
              a {
                 color: #0078D0;
              }
              a:hover {
                 color: #0090FF;
              }
              a:visited {
                 color: #0090FF;
              }
              input, select, textarea, button, keygen, isindex {
                 border-width: 1px;
                 border-color: #C4C0B9;
                 color: #000000;
              }
              button, input[type="reset"], input[type="submit"], input[type="button"] {
                 border-width: 1px;
                 border-color: #C4C0B9;
                 font-size: 11px;
                 font-family: Arial, Verdana, sans-serif ;
                 color: #000000;
                 background-repeat: repeat-x;
                 background-position: top left;
                 background-color: #D4CFC7;
                 background-image: url(/demo/rfRes/buttonBackgroundImage.png.xhtml?v=4.0.0.Final&db=eAFjZGBkZOBm!P-f8f!bV88Y!185f5yBCQBPWAk3&ln=org.richfaces.images);
              }
              button:hover, input[type="reset"]:hover, input[type="submit"]:hover, input[type="button"]:hover {
                 background-position: bottom left;
                 background-repeat: repeat-x;
                 background-image: url(/demo/rfRes/buttonHoverBackgroundImage.png.xhtml?v=4.0.0.Final&db=eAFjZGBkZOBm!P-f8f-V88cZ!7999YyBCQBNuQk3&ln=org.richfaces.images);
              }
              button[disabled], input[type="reset"][disabled], input[type="submit"][disabled], input[type="button"][disabled] {
                 color: #B1ADA7;
                 border-color: #cccccc;
                 background-color: #cccccc;
                 background-image: url(/demo/rfRes/buttonDisabledBackgroundImage.png.xhtml?v=4.0.0.Final&db=eAFjZGBkZOBm!P-f8f!Hjx8Z!585c4aBCQBP8glH&ln=org.richfaces.images);
                 background-position: top left;
              }
              textarea, input[type="text"], input[type="password"], select {
                 border-width: 1px;
                 border-style: solid;
                 border-color: #C4C0B9;
                 font-size: 11px;
                 font-family: Arial, Verdana, sans-serif ;
                 color: #000000;
                 background-repeat: no-repeat;
                 background-position: 1px 1px;
                 background-color: #ffffff;
                 background-image: url(/demo/rfRes/inputBackgroundImage.png.xhtml?v=4.0.0.Final&db=eAFjZL!AyMDN-P8!4!-P714C6f!!GZgAYeQKqw__&ln=org.richfaces.images);
              }
              textarea[disabled], input[type="text"][disabled], input[type="password"][disabled], select[disabled] {
                 color: #C4C0B9;
                 cursor: default;
              }
              

               

              another weird behaviour when I uncomment following line in login.xhtml:

              <h:graphicImage library="images" name="Forudaa-Music_256.png" styleClass="margin: 4px 12px;"/>
              

               

              the following page page is displayed:

              http://localhost:8080/demo/javax.faces.resource/Forudaa-Music_256.png.xhtml?ln=images

               

              Forudaa-Music_256.png

              • 4. Re: myapp/faces/rfRes/skinning.ecss output after login
                Radim Hanus Expert

                OK I've examined this problem thoroughly and find out following:

                • reported behaviour can be reproduced when using FORM authentication and RF4 jars are available in WEB-INF/lib
                • when I delete RF4 jars from WEB-INF/lib (note that referenced sample doesn't use RF4 at all) and use FORM authentication the login works as expected
                • having both RF4 and BASIC authentication the login works as expected

                 

                the discussion title change to reflect my latest research

                • 5. Re: myapp/faces/rfRes/skinning.ecss output after login
                  Brian Leathem Master

                  Have you tried this with AS7 yet?  Does the problem persist?

                  • 6. Re: myapp/faces/rfRes/skinning.ecss output after login
                    Radim Hanus Expert

                    hi Brian,

                    I can reproduce it in 7.0.2 as well

                    regards Radim

                    • 7. Re: myapp/faces/rfRes/skinning.ecss output after login
                      Radim Hanus Expert

                      sorry I might write down some details because enclosed war had been created for jboss6

                      so following are the steps to reproduce this problem in jboss-as-web-7.0.2:

                       

                      1.) add a security domain into standalone.xml:

                      <security-domain name="jmx-console">

                           <authentication>

                                <login-module code="UsersRoles" flag="required">

                                     <module-option name="usersProperties" value="${jboss.server.config.dir}/jmx-console-users.properties"/>

                                     <module-option name="rolesProperties" value="${jboss.server.config.dir}/jmx-console-roles.properties"/>

                                </login-module>

                           </authentication>

                      </security-domain>

                       

                      2.) copy both jmx-console-users.properties and jmx-console-roles.properties from jboss-6.0.0.Final/server/default/conf/props to jboss7/standalone/configuration

                       

                      3.) change reference to a security domain in descriptor jsf2demo.war/WEB-INFjboss-web.xml:

                      <security-domain>jmx-console</security-domain>

                       

                      4.) deploy changed jsf2demo.war into jboss7

                      • 8. Re: myapp/faces/rfRes/skinning.ecss output after login
                        Radim Hanus Expert

                        solved for me

                        see Jan Papousek's comment in corresponding issue