users@jsf-extensions.java.net

JSF1.2 - JAAS - Tomcat 6 : problem with redirecting to 403 page

From: Shantanu Upadhyaya <shantanu.u_at_gmail.com>
Date: Sat, 8 Aug 2009 10:49:19 -0700 (PDT)

I've been trying to fix a simple problem for 2 days.

My stack is as follows:
* JSF 1.2, Facelets, RichFaces 3.2.1
* JAAS - authentication and authorization
* Tomcat 6

Points to note:
---------------
1. JAAS is working. I'm able to log in to the application.
2. Roles are working.
3. My login page uses <f:verbatim>, like this:

        <rich:panel id="loginPanel">
                <f:facet name="header">Login Panel</f:facet>
                <f:verbatim>
                        <form method="post" action="#{testBean.securityUrl}">
                                <table>
                                        <tr>
                                                <td>User Id</td>
                                                <td><input type="text" name="j_username" /></td>
                                        </tr>
                                        <tr>
                                                <td>Password</td>
                                                <td><input type="password" name="j_password" /></td>
                                        </tr>
                                        <tr>
                                                <td align="center">
                                                        <input type="submit" value="Login" />
                                                </td>
                                        </tr>
                                </table>
                        </form>
                </f:verbatim>
        </rich:panel>


4. My 403 (forbidden) page is a JSF page.
5. I'm not using PhaseListeners / ActionListeners / filters for JAAS.
6. Authentication mechanism in web.xml:

        <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>myrealm</realm-name>
                <form-login-config>
                        <form-login-page>/faces/login/login.jsf</form-login-page>
                        <form-error-page>/faces/login/loginerror.jsf</form-error-page>
                </form-login-config>
        </login-config>


Sequence of steps for simulating the problem:
---------------------------------------------
7. Open the home page - no authentication required.
8. Click on a link that requires a role of 'Admin'.
9. Tomcat redirects me to the login page (JSF panels are rendered fine).
10. I log in with a user id that DOES NOT have 'Admin' privileges.
11. Tomcat redirects me to error403.xhtml.

        <error-page>
                <error-code>403</error-code>
                <location>/pages/errpgs/error403.jsf</location>
        </error-page>

PROBLEM:
--------

12. error403.xhtml is NOT rendered as a RichFaces page!
    The rich menus are not getting rendered.
    Facelets are working because I see <ui:composition> working.

Why is error403.html a RichFaces page whereas login.xhtml is not?
(see 12 and 6 above)


