1 Reply Latest reply on Jan 10, 2008 12:05 PM by ragavgomatam

    HTTP Status 403 - logging with another role causes error

    neglli1

hi everybody!

we are using different roles in our project: child and parent. for the parents' site only parents should have access to the secured pages.

      we are using form-based authentication.

when i log in with a user that is not registered in our db, everything works fine and i am redirected to the login-error-page. when i log in as parent, also everything works fine and i am getting access to the secured page.

but when i log in as child (which is a properly defined role), i am not redirected to the login-error-page.

      why? what do i have to change?

the relevant passage of web.xml looks like this:

<!-- security -->
<security-constraint>
  <display-name>SaferWebSecurity</display-name>
  <web-resource-collection>
    <web-resource-name>SecureResource</web-resource-name>
    <url-pattern>/forwardPage.iface</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>P</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>

<!-- security-role only allows <description> and <role-name> as children -->
<security-role>
  <description>Parent</description>
  <role-name>P</role-name>
</security-role>

<security-role>
  <description>Child</description>
  <role-name>C</role-name>
</security-role>

i'm looking forward to your answers.

      cheers stefan
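The deployment descriptor below is an added example, not part of the original post. It keeps the poster's constraint and login configuration and shows the distinction the container makes: `form-error-page` is only used when authentication itself fails (unknown user, wrong password), whereas a user who authenticates successfully but holds none of the roles listed in `auth-constraint` (here a child with role `C`) fails authorization, and the container answers with HTTP 403 without ever consulting `form-error-page`. The standard way to present a friendly page for that case is an `error-page` mapping on status code 403; `/accessDenied.html` is an assumed location that the original web.xml does not contain.

```xml
<!-- Added example, not the poster's web.xml. /accessDenied.html is an assumed page. -->

<!-- In a Servlet 2.3 (DTD) descriptor element order is fixed and error-page
     must come before security-constraint; in 2.4+ (schema) the order is free. -->
<error-page>
  <!-- reached when an authenticated user lacks a required role -->
  <error-code>403</error-code>
  <location>/accessDenied.html</location>
</error-page>

<security-constraint>
  <display-name>SaferWebSecurity</display-name>
  <web-resource-collection>
    <web-resource-name>SecureResource</web-resource-name>
    <url-pattern>/forwardPage.iface</url-pattern>
    <!-- listing methods protects only those methods; omitting http-method
         entirely applies the constraint to every method -->
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- only parents; a logged-in child (role C) fails authorization here -->
    <role-name>P</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <!-- reached only when authentication itself fails -->
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>Parent</description>
  <role-name>P</role-name>
</security-role>

<security-role>
  <description>Child</description>
  <role-name>C</role-name>
</security-role>
```

With this in place the three cases the poster describes behave as follows: an unregistered user is sent to `/loginError.html`, a parent reaches `/forwardPage.iface`, and a child is authenticated but receives the 403 page rather than the login error page. If children should also be admitted, the fix is a second `<role-name>C</role-name>` inside `auth-constraint`, not a change to `form-error-page`. Note also that listing only GET and POST leaves other HTTP methods outside the constraint; dropping the `http-method` elements protects the URL for all methods.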

        • 1. Re: HTTP Status 403 - logging with another role causes error
          ragavgomatam

          Hi,

First, are you using the SimplePrincipal from JBoss or your own Principal object?

          Second
What is the role you are associating with your Principal object when you log in as Child? My guess is it should be C (as per your web.xml).

If you are rolling out your own authentication, I guess you would be subclassing the AbstractServerLoginModule. If using your own Principal, subclass SimplePrincipal. In the AbstractServerLoginModule there is a method addRoles() I believe. Override it with your roles.

Maybe you can post the JAAS login module code ...