0 Replies Latest reply on Sep 21, 2005 5:04 AM by Per Jorgen Walstrom

    can log in, but access to other pages gives 401

    Per Jorgen Walstrom Newbie

      hello,
      I have a web-application running under JBoss 4.0.1sp1. I use basic authentication on my web-application. It seems like the login mechanism is working fine; I am able to log in to my main web-page. But when I try to access any further pages from there, I get a 401-error (which means unauthorized):

      2005-09-21 09:41:19,407 ERROR [STDERR] javax.servlet.jsp.JspException: Exception reading resource http://localhost/sid-admin/topmenu.jsp: java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost/sid-admin/topmenu.jsp
      


      Does anybody have a solution to this? I do believe my URL-pattern is correctly defined?

      Here are excerpts from my web.xml and login-config.xml files:

      web.xml:
       <!-- Define a Security Constraint on this Application -->
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>Entire Application</web-resource-name>
       <description>Security constraint for sid-admin</description>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>sid-administrator</role-name>
       </auth-constraint>
       </security-constraint>
      
       <!-- Define the Login Configuration for this Application -->
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>SID Administration</realm-name>
       </login-config>
      
       <security-role>
       <description>A user allowed to invoke the sid-admin application</description>
       <role-name>sid-administrator</role-name>
       </security-role>
      


      login-config.xml:
       <application-policy name="sid-administrator">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/OracleDS</module-option>
       <module-option name="principalsQuery">select password from xyz_user where user_name=?</module-option>
       <module-option name="rolesQuery">select role, 'Roles' from xyz_user_role where user_name=?</module-option>
       </login-module>
       </authentication>
       </application-policy>