I have a web application (JSF+RichFaces) which is deployed on JBoss 4.2.2.GA. I am using JOSSO for Single Sign-On authentication. It all works fine, but sometimes I get a 403 response code from JBoss.
And I can't find the reason why it occurs:
1. it occurs randomly
2. it doesn't depend on page I tried to visit
3. it doesn't depend on session timeout
4. I never saw a 403 immediately after login... I need 5-15 minutes of using the application to reproduce this error. Any URL redirects me to the accessDenied page after the 403 error. It recovers after the session timeout (it forwards me to the login screen and works again).
5. actions don't work, but URLs change when I click on any links (h:commandLink) inside the application. The logout action doesn't work either when I have Access Denied.
Can somebody help me with ideas about the reason for such behaviour, or what I should check to resolve this issue?
Thank you in advance.
I found the reason. It is not JBoss, it is JOSSO. It refreshes roles for the current session from time to time and removed the role for the user I logged in as.