0 Replies Latest reply on Apr 19, 2008 9:37 AM by Thomas Michal

    ExtendedFormAuthenticator causes IllegalStateException in Se

    Thomas Michal Newbie

      Hello,

      I am using the ExtendedFormAuthenticator which works fine if both username and password are correct.

      But after entering an invalid password and submitting the form, the following IllegalStateException is thrown, and therefore the error-page is not shown.

      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: testuser is NOT authenticated
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] End authenticate, principal=null
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] forwardToErrorPage
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] SessionID: 125F46B5D04395A49BFF11FD83BAF
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_username = testuser
      2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_password = --hidden--
      2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
      2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
      2008-04-19 14:23:07,781 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the requ
      est processing
      java.lang.IllegalStateException: Security Context is null
      at org.jboss.web.tomcat.security.SecurityAssociationActions$GetAuthExceptionAction.run(SecurityAssociationActions.java:168)
      at java.security.AccessController.doPrivileged(Native Method)
      at org.jboss.web.tomcat.security.SecurityAssociationActions.getAuthException(SecurityAssociationActions.java:290)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.populateSession(ExtendedFormAuthenticator.java:180)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.forwardToErrorPage(ExtendedFormAuthenticator.java:123)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
      at org.jboss.web.tomcat.security.ExtendedFormAuthenticator.authenticate(ExtendedFormAuthenticator.java:86)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:90)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:96)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:309)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:595)

      Before this happens the javax.security.auth.login.FailedLoginException was thrown by the LoginModule,

      Does anyone have an idea what is going wrong?

      Thomas