0 Replies Latest reply on Nov 3, 2004 2:46 PM by peake

    form input data lost when using security contraints on a pos

    peake Newbie

      We are using jboss 3.2.3 and using a security contraint for NTLM. We can authenticate fine. But once authenticated, our forms that have 'input' fields on them are 'lost' when submitted.
      They are being submitted with an action="post".
      If I remove the security constraint, the application works fine. (minus the fact no security is performed)

      If I use ieHttpHeader utility tool, I see the posted data when I am not securing the application, but when I turn security back on, the posted data is not present any longer on the request.

      1-where is the data being lost? What is not putting the posted data on the request?
      2-How can I correct.

      Thanks

      Security contains in web.xml is:
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secured Content</web-resource-name>
      Require users to authenticate
      <url-pattern>/secure/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
      Only allow Authenticated Users role
      <role-name>Users</role-name>
      </auth-constraint>
      <user-data-constraint>
      Encryption is not required for the application in general.

      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      JBoss-web.xml looks like:
      <jboss-web>
      <security-domain>java:/jaas/pdk-eiam-security</security-domain>

      <ejb-ref>
      <ejb-ref-name>ejb/UserInfoSession</ejb-ref-name>
      <jndi-name>ejb/UserInfoSession</jndi-name>
      </ejb-ref>

      </jboss-web>