13 Replies Latest reply on Dec 26, 2014 3:52 AM by Sathya Prabhu

    WildFly - login page cannot access css files (FORM based authentication)

    Marcos Antonio Novice

      Hello, everybody!

       

      I'm trying WildFly. After I enabled FORM based authenticaton in my simple web application, the login page (or container) cannot access the css files located in the /resources/css directory. That is working in a JBoss 7.1 application that I have in production with the same configuration. This is the relevant configuration in my simple application using WildFly:

       

      web.xml:

       

      <security-constraint>
      <web-resource-collection>
        <web-resource-name>restricted</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>USUARIO</role-name>
      </auth-constraint>
      </security-constraint>

       

      <security-constraint>
      <web-resource-collection>
        <web-resource-name>allowed</web-resource-name>
        <url-pattern>/modelos/*</url-pattern>
        <url-pattern>/resources/*</url-pattern>
      </web-resource-collection>
      </security-constraint>

       

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/errologin.xhtml</form-error-page>
      </form-login-config>
      </login-config>

       

        <security-role>
      <role-name>USUARIO</role-name>
        </security-role>
        <security-role>
      <role-name>NAO_AUTORIZADO</role-name>
        </security-role>

       

      jboss-web.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

          <security-domain>solicitacoes</security-domain>

      </jboss-web>

       

      standalone.xml:

       

      <security-domain name="solicitacoes" cache-type="default">

          <authentication>

              <login-module code="br.urca.solicitacoes.visao.ModuloLogin" flag="required"/>

          </authentication>

      </security-domain>

       

      As you can see from the security configuration, the resources folder is unprotected, yet WildFly doesn't allow access to it before authentication. So, what am I missing or doing wrong?

       

      Thank you.

       

      Marcos