4 Replies Latest reply on Oct 4, 2008 10:44 AM by Piotr Jatym

    FORM auth-method redirect problem

    Jason Hopkins Newbie

      Hi,

      I'm using the form auth-method to authenticate new users to my application. The form-login-page is a simple jsf page that uses a html element to post to j_security_check. Pre-3.2.0 this was working perfrectly but after upgrading to 3.2.1GA after login I am directed to:

      <context-root>/a4j_3_2_1-SNAPSHOTorg/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jspx


      rather than the page that was origanally requested.

      Any ideas how I can get around this?

        • 1. Re: FORM auth-method redirect problem
          Aleksandr Savelyev Newbie

          Having the similar issue... using jsf 1.2_07 + facelets 1.1.14 + 3.2.1GA

          After hitting login button, browser (Firefox, IE, Safari) either spits out some css(eAF7sqpgb-jyGdIAFrMEaw__.css) that get opened in notepad or just displays empty page

          From web.xml:

          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Form-Based Authentication Area</realm-name>
          <form-login-config>
          <form-login-page>/faces/login.xhtml</form-login-page>
          <form-error-page>/faces/error.xhtml</form-error-page>
          </form-login-config>
          </login-config>

          Any ideas!

          • 3. Re: FORM auth-method redirect problem
            Jason Hopkins Newbie

            We fixed this problem :)

            It was caused by the resources requested by the login page (CSS etc) were also being flagged as restricted, so when you successfully logged in you were redirected to the last restricted page you requested... the CSS of the login page...

            To fix it you can specify a resource uri prefix in your web.xml


             <context-param>
             <param-name>org.ajax4jsf.RESOURCE_URI_PREFIX</param-name>
             <param-value>RichResources/</param-value>
             </context-param>
            


            Then you can make requests from that URI onwards unrestricted:


            <security-constraint>
             <web-resource-collection>
             <web-resource-name>RichFaces Resource Library</web-resource-name>
             <description>
             Allow users to access pictures and css.
             </description>
             <url-pattern>/RichResources/*</url-pattern>
             </web-resource-collection>
             </security-constraint>
            


            Sorted. :)