I'm using JBoss 3.0.6 with the integrated Jetty web container. I'm using form based authentification with a database login module. The Login with JAAS works fine except one thing.
I found out the Jetty uses a session attribute org.mortbay.jetty.URI to redirect to the requested site after entering the correct login informations. The problem I have is that after a user has logged in, this attribute is never overwritten anymore.
I'll give an example: if a user logged in as role "editor" and he wants to enter the admin area, he is of course redirected to login page, bcause he doesn't have permissions. If he now enters user and password for the role "admin", the mentioned attribute is not overwritten. That means that the user is not redirected to the site he requested but the site he qequested when logging in as "editor" (the site that is still in the attribute org.mortbay.jetty.URI)!!
The interesting thing is that the session atttribute org.mortbay.jetty.Auth which contains the user name is overwritten!!
Have I forgotten to configure something or is this a bug in jetty? Should I try out the version with tomcat?
Thanks in advance