0 Replies Latest reply on Apr 18, 2006 2:57 AM by David Richmond

    JSF and JAAS and redeployment

    David Richmond Newbie

      Using JBoss 4.0.4.CR2.

      We deploy an EAR with a contained WAR, which declares a FORM based login Security profile refering to a self-made login module derived from the JBoss DatabaseLoginModule.

      All works fine at startup. Users can login, roles are checked etc, etc.

      However, if I deploy a new version of the EAR (code updates) and press 'Refresh' on the browser I get a '403 Forbidden' status back. If I modify the browser URL and add a '?' to it then press return, I get the login page.

      We are using JSF (with Facelets 1.1.4) which POSTs all requests (never does a GET).

      My workaround is to redirect the '403' page in Tomcat to a servlet that tests if the request is a POST, if so it redirects to the context root with a GET.

      Is there a better solution to this?