I have a custom JSR 196 ServerAuthModule that protects a JEE application. This module works fine except for when the welcome-file is concerned. The scenario is as follows:
- The user requests the context root "myapp" with no page or servlet name
- The ServerAuthModule checks for "isMandatory" on the requestPolicy, which returns false (since the root of the webapp isn't secured for things like css and images).
- The welcome-file is set to "apps" which is a servlet that is protected
- The user is forwarded/redirected to myapp/apps and gets a 403 error because the SAM let them through
If I try to access myapp/apps directly, I get authenticated properly, but not in the case where the default welcome-file has to be used.
How can I fix this?
Any hints would be appreciated,
Jason
[Message sent by forum member 'vinsonizer' (vinsonizer)]
http://forums.java.net/jive/thread.jspa?messageID=290400