0 Replies Latest reply on Dec 27, 2017 5:00 PM by chandan kumar roushan

    Getting Forbidden message while logging in to WildFly 10.0

    chandan kumar roushan Newbie

      Hi All,

      We have an application which uses JBoss 4.2. We are migrating it to WildFly 10. The login page (index.jsp) uses j_security_check. We have a custom login module which extends the class UsernamePasswordLoginModule. This class contains a method called 'validatePassword', which gets called properly. The problem is that, after 'validatePassword' completes, the login page shows a Forbidden message and does not proceed to the home page.

       

      Below is the login module part of our standalone-full.xml:

      <security-domains>
          <security-domain name="other" cache-type="default">
              <authentication>
                  <login-module code="Remoting" flag="optional">
                      <module-option name="password-stacking" value="useFirstPass"/>
                  </login-module>
                  <login-module code="RealmDirect" flag="required">
                      <module-option name="password-stacking" value="useFirstPass"/>
                  </login-module>
              </authentication>
          </security-domain>
          <security-domain name="dfc" cache-type="default">
              <authentication>
                  <login-module code="dfc.security.LoginModule" flag="optional">
                      <module-option name="password-stacking" value="useFirstPass"/>
                  </login-module>
              </authentication>
          </security-domain>
          <security-domain name="ssosp" cache-type="default">
              <authentication>
                  <login-module code="dfc.security.sso.LoginModule" flag="required"/>
              </authentication>
          </security-domain>
          <security-domain name="jboss-web-policy" cache-type="default">
              <authorization>
                  <policy-module code="Delegating" flag="required"/>
              </authorization>
          </security-domain>
          <security-domain name="jboss-ejb-policy" cache-type="default">
              <authorization>
                  <policy-module code="Delegating" flag="required"/>
              </authorization>
          </security-domain>
          <security-domain name="jaspitest" cache-type="default">
              <authentication-jaspi>
                  <login-module-stack name="dummy">
                      <login-module code="Dummy" flag="optional"/>
                  </login-module-stack>
                  <auth-module code="Dummy"/>
              </authentication-jaspi>
          </security-domain>
          <security-domain name="EncryptDBPassword-local" cache-type="default">
              <authentication>
                  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                      <module-option name="username" value="cupm"/>
                      <module-option name="password" value="e345889db230b553c15fd85995b1cee"/>
                      <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=java:/dfc/core"/>
                  </login-module>
              </authentication>
          </security-domain>
          <security-domain name="EncryptDBPassword-remote" cache-type="default">
              <authentication>
                  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                      <module-option name="username" value="cupm"/>
                      <module-option name="password" value="e345889db230b553c15fd85995b1cee"/>
                      <module-option name="managedConnectionFactoryName" value="jboss.jca:service=XATxCM,name=java:/dfc/core"/>
                  </login-module>
              </authentication>
          </security-domain>
      </security-domains>

       

       

      Below is the login configuration part of our web.xml:

      <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
              <form-login-page>/common/indexRedirect.jsp</form-login-page>
              <form-error-page>/common/login_error.jsp</form-error-page>
          </form-login-config>
      </login-config>

       

      Also, we have a custom FormAuthenticator class which overrides the method 'authenticate', which was getting called in JBoss 4.2. But now this class never gets called in WildFly 10.

      We are stuck at this point. Your suggestions can help us fix this issue. Please help.

       

       

      Thanks,

      Chandan Kumar