users@glassfish.java.net

j_security_check is broken

From: <glassfish_at_javadesktop.org>
Date: Thu, 13 Sep 2007 09:36:29 PDT

Hello,

I have a problem which (after searching around) seems to be fairly widespread. Using j_security_check from a standard login.jsp form I get the following odd behaviour:

When (being not logged in) I try and access a restricted page Glassfish automatically redirects to the login.jsp - This is as I expect and fine.

When (being not logged in) I try to log in deliberately using incorrect login details I am redirected to the error page as would be expected. This is fine.

When (being not logged in) I try to log in using the correct details I am not redirected to the error page - which implies that Glassfish has checked my details and is happy to let me in. However I get a 403 error message saying I have not been authorized to view that particular resource/page. The URL given in the address bar is {something}/j_security_check. Not fine as I would expect (and have been led to believe) that upon successful authentication the user is then redirected to the initially requested page.

Given all the above it seems likely that one of the following is true:

1. Somewhere in my descriptors (Netbeans config files) I need to explicitly allow people/roles to have access to specific pages/resources
2. j_security_check is a load of old tosh and doesn't work - this is highly unlikely as I have heard others using it in production environments and singing all the way to the bank because their development time is cut in half thanks to not having to worry about security in individual resources etc.

I can't find any authoritative explanation of the answer. Many "how to use j_security_check" documents but nothing addresses this problem.

Can anyone help me please?
cheers
Hugh
[Message sent by forum member 'hughacland' (hughacland)]

http://forums.java.net/jive/thread.jspa?messageID=235287
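
A check for the first hypothesis in the post above, added here as an example and not part of the original message: in the servlet security model a successful j_security_check login only authenticates the user, and the container answers 403 when that user holds none of the roles named in the page's auth-constraint. The sketch assumes the role assignments come only from security-role-mapping entries in sun-web.xml (default principal-to-role mapping not enabled) and uses constructed descriptors with hypothetical role, group and URL names.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors: role, group and URL names are assumptions.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>members</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>member</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>member</role-name></security-role>
</web-app>"""
SUN_WEB_UNMAPPED = "<sun-web-app/>"
SUN_WEB_MAPPED = """<sun-web-app>
  <security-role-mapping>
    <role-name>member</role-name>
    <group-name>members</group-name>
  </security-role-mapping>
</sun-web-app>"""

def find(root, name):
    """Return descendants by local tag name, ignoring any XML namespace."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text(elems):
    """Non-empty, stripped text values of the given elements."""
    return {e.text.strip() for e in elems if e.text and e.text.strip()}

def mapped_roles(sun_web_xml):
    """Roles that sun-web.xml maps to at least one group or principal."""
    roles = set()
    for m in find(ET.fromstring(sun_web_xml), "security-role-mapping"):
        if text(find(m, "group-name") + find(m, "principal-name")):
            roles |= text(find(m, "role-name"))
    return roles

def always_forbidden(web_xml, sun_web_xml):
    """Constraints whose roles nobody is mapped to: login works, then 403."""
    mapped, out = mapped_roles(sun_web_xml), []
    for sc in find(ET.fromstring(web_xml), "security-constraint"):
        roles = text(find(sc, "role-name"))  # only occurs in auth-constraint
        if roles and "*" not in roles and not roles & mapped:
            out.append((sorted(text(find(sc, "url-pattern"))), sorted(roles)))
    return out

if __name__ == "__main__":
    print(always_forbidden(WEB_XML, SUN_WEB_UNMAPPED))
```

An empty result means every constrained URL pattern has at least one role that some group or principal can hold; it does not show that a particular user is in that group.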