2 Replies Latest reply on Nov 6, 2008 5:42 PM by shiva

    Http 403 error when the user enters the wrong password durin

    shiva Newbie

      we are getting "HTTP Status 403 - Access to the requested resource has been denied page is displayed."

      when the user enters wrong password instead of custom login_error.jsp
      as configured in web.xml of our web app.

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>test</realm-name>
      <form-login-config>
      <form-login-page>/home/login.jsp</form-login-page>
      <form-error-page>/home/login_error.jsp</form-error-page>
      </form-login-config>
      </login-config>

        • 1. Re: Http 403 error when the user enters the wrong password d
          shiva Newbie

          The jboss version we are using is 4.2.1

          • 2. Re: Http 403 error when the user enters the wrong password d
            shiva Newbie

            Below is the stack trace i got.

            2008-11-06 10:01:52,004 TRACE [org.jboss.security.ClientLoginModule]
            Security domain: servicelinkpolicy
            2008-11-06 10:01:52,004 TRACE [org.jboss.security.ClientLoginModule] Enabling restore-login-identity mode
            2008-11-06 10:01:52,004 TRACE [org.jboss.security.ClientLoginModule] Begin login
            2008-11-06 10:01:52,007 TRACE [org.jboss.security.ClientLoginModule] Obtained login: admin, credential.class: [C
            2008-11-06 10:01:52,008 TRACE [org.jboss.security.ClientLoginModule] End login
            2008-11-06 10:01:52,018 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize, instance=@14622894
            2008-11-06 10:01:52,018 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Security domain: servicelinkpolicy
            2008-11-06 10:01:52,018 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login
            2008-11-06 10:01:52,037 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=admin
            javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
            at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
            at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:524)
            at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:393)
            at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
            at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:585)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
            at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
            at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:595)
            2008-11-06 10:01:52,053 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize, instance=@20570524
            2008-11-06 10:01:52,053 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Security domain: servicelinkpolicy
            2008-11-06 10:01:52,053 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login
            2008-11-06 10:01:52,083 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=admin
            javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
            at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
            at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:524)
            at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:393)
            at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
            at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:585)
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
            at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
            at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
            at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
            at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
            at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
            at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:595)
            2008-11-06 10:01:52,085 TRACE [org.jboss.security.ClientLoginModule] commit, subject=Subject:

            2008-11-06 10:01:52,091 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
            , sc=org.jboss.security.SecurityAssociation$SubjectContext@ffb648{principal=admin,subject=1601287}
            2008-11-06 10:01:52,092 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] commit, loginOk=false
            2008-11-06 10:01:52,092 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] commit, loginOk=false
            2008-11-06 10:01:52,092 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] defaultLogin, lc=javax.security.auth.login.LoginContext@2163cd, subject=Subject(1601287).principals=org.jboss.security.SimplePrincipal@889349(admin)
            2008-11-06 10:01:52,092 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] updateCache, inputSubject=Subject(1601287).principals=org.jboss.security.SimplePrincipal@889349(admin), cacheSubject=Subject(2051258).principals=org.jboss.security.SimplePrincipal@889349(admin)
            2008-11-06 10:01:52,092 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@e64b80[Subject(2051258).principals=org.jboss.security.SimplePrincipal@889349(admin),credential.class=java.lang.String@25300442,expirationTime=1225985511998]
            2008-11-06 10:01:52,093 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] End isValid, true
            2008-11-06 10:01:52,095 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
            Principal: admin
            , sc=org.jboss.security.SecurityAssociation$SubjectContext@1f6fa50{principal=admin,subject=28030167}
            2008-11-06 10:01:52,096 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@e64b80[Subject(2051258).principals=org.jboss.security.SimplePrincipal@889349(admin),credential.class=java.lang.String@25300442,expirationTime=1225985511998]
            2008-11-06 10:01:52,099 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1f6fa50{principal=admin,subject=28030167}
            2008-11-06 10:01:52,099 TRACE [org.jboss.security.plugins.JaasSecurityManager.servicelinkpolicy] getUserRoles, subject: Subject:
            Principal: admin

            2008-11-06 10:01:52,103 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful
            2008-11-06 10:01:52,104 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/drm/'
            2008-11-06 10:01:52,104 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/drm/j_security_check
            2008-11-06 10:01:52,104 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
            2008-11-06 10:01:52,119 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is DCDE1188FA234033EF8B4E1A3C9B206D
            2008-11-06 10:01:52,119 DEBUG [org.apache.catalina.core.ContainerBase] Process request for '/drm/'
            2008-11-06 10:01:52,119 DEBUG [org.apache.catalina.core.ContainerBase] Checking for SSO cookie
            2008-11-06 10:01:52,120 DEBUG [org.apache.catalina.core.ContainerBase] Checking for cached principal for 84B1D7763E4AE45FCB74D6803B1FE7E7
            2008-11-06 10:01:52,120 DEBUG [org.apache.catalina.core.ContainerBase] No cached principal found, erasing SSO cookie
            2008-11-06 10:01:52,120 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /drm/
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[anything]' against GET /index.html --> true
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[anything]' against GET /index.html --> true
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
            2008-11-06 10:01:52,121 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session 'DCDE1188FA234033EF8B4E1A3C9B206D'
            2008-11-06 10:01:52,122 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'admin' with type 'FORM'
            2008-11-06 10:01:52,124 DEBUG [org.apache.catalina.core.ContainerBase] Registering sso id '4661C77BD77DA4F00D183EBBE9B53AEC' for user 'admin' with auth type 'FORM'
            2008-11-06 10:01:52,127 DEBUG [org.apache.catalina.core.ContainerBase] Associate sso id 4661C77BD77DA4F00D183EBBE9B53AEC with session StandardSession[DCDE1188FA234033EF8B4E1A3C9B206D]
            2008-11-06 10:01:52,127 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Proceed to restored request
            2008-11-06 10:01:52,127 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
            2008-11-06 10:01:52,128 DEBUG [org.apache.catalina.realm.RealmBase] Username admin does NOT have role ServiceLinkUsers
            2008-11-06 10:01:52,128 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed accessControl() test