Question

I'm trying to implement form based authentication in JBoss 7.2.

web.xml:

<web-app>
  <security-constraint>
    <web-resource-collection>
        <web-resource-name>Everything needs authentication</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
        <role-name>MySuperRole</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <role-name>MySuperRole</role-name>
  </security-role> 

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/loginError.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

jboss-web.xml:

<jboss-web>
  <context-root>myctx</context-root>
  <security-domain>my-policy</security-domain>
</jboss-web>

my-policy is configured correctly in the standalone.xml.

The problem is that after login, I get redirected to a CSS file I'm using in my HTML pages.

If I don't close the browser after login, and I try to go to the correct page again, now it works, since I authenticated 1 second ago, but initially I always go to the CSS file. Any thoughts on why this is happening?


Solution

So apparently the .css file I was redirected to was referenced inside of my /login.html. As soon as I got rid of any CSS and JavaScript references inside of the HTML, it started working. I guess I will have to embed the CSS in the HTML file. I don't know any other workaround.

EDIT: (for @Aragorn)

Yes, I use a style sheet link and it works. But for that you need to put the authentication constraint (see above) in the web.xml file, because JBoss/WebSphere needs to have UNAUTHENTICATED access to the style sheet file. If it doesn't, that is, if you need authentication to access your style sheet file, then JBoss will remember, and when you log in using the user and password, it will redirect you to the first style sheet link / JS link in your .html file. Check it: it's always the first file that needs authentication that you get redirected to. If no style sheet links / JS links need authentication, then you will be redirected to the correct HTML!

Also, for the link paths, consider as "base" the HTML file you're trying to retrieve, NOT the login.html! (In my case they are in different directories in order to make the authentication constraints work.)
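One way to give the container unauthenticated access to the login page's assets while keeping the rest of the application protected, as an added example that is not part of the original post. The /css/* and /js/* directories are assumed locations for the style sheets and scripts; the role name and login pages are taken from the question.

```xml
<web-app>
  <!-- Assumed layout: style sheets under /css/, scripts under /js/. -->
  <!-- This constraint has no auth-constraint element, so the container -->
  <!-- serves these paths without triggering the login form. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Static assets used by the login page</web-resource-name>
      <url-pattern>/css/*</url-pattern>
      <url-pattern>/js/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

  <!-- Everything else still requires MySuperRole. The longer patterns -->
  <!-- above are the better match for asset requests, so this constraint -->
  <!-- does not apply to them. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything needs authentication</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>MySuperRole</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <role-name>MySuperRole</role-name>
  </security-role>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/loginError.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
```

Anything placed under the open directories is served to anonymous users, so keep only files that are safe to expose there.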

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow