users@jsf-extensions.java.net

Re: JSF1.2 - JAAS - Tomcat 6 : problem with redirecting to 403 page

From: meraj_zia <meraj.zia_at_imperial.nhs.uk>
Date: Thu, 29 Oct 2009 07:43:29 -0700 (PDT)

Is your bean in request scope or session scope?



Shantanu Upadhyaya wrote:
>
> I'm trying to fix a simple problem for 2 days.
>
> My stack is as follows :
> * JSF 1.2, Facelets, Richfaces 3.2.1
> * JAAS - authentication and authorization
> * Tomcat 6
>
> Points to note :
> ----------------
> 1. JAAS is working. I'm able to login into the application.
> 2. Roles are working.
> 3. My login page uses <f:verbatim> , like this :
>
> <rich:panel id="loginPanel">
> <f:facet name="header">Login Panel</f:facet>
> <f:verbatim>
> <form method="post" action="#{testBean.securityUrl}">
> <table><tr>
> <td>User Id</td>
> <td><input type="text" name="j_username" /></td>
> </tr>
> <tr>
> <td>Password</td>
> <td><input type="password" name="j_password" /></td>
> </tr>
> <tr>
> <td align="center">
> <input type="submit" value="Login" />
> </td>
> </tr></table>
> </form>
> </f:verbatim>
> </rich:panel>
>
>
> 4. My 403 (forbidden) page is a JSF page.
> 5. I'm not using Phaselisteners / Actionlisteners / filters for JAAS.
> 6. Authentication mechanism in web.xml
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>myrealm</realm-name>
> <form-login-config>
> <form-login-page>/faces/login/login.jsf</form-login-page>
> <form-error-page>/faces/login/loginerror.jsf</form-error-page>
> </form-login-config>
> </login-config>
>
>
> Sequence of steps for simulating the problem :
> ---------------------------------------------
> 7. Open the home page - no authentication required.
> 8. Click on a link that requires a role of 'Admin'
> 9. Tomcat redirects me to the login page ( JSF panels are rendered fine )
> 10. I login with a user id that DOES NOT have 'Admin' privileges.
> 11. Tomcat redirects me to error403.xhtml.
> <error-page>
> <error-code>403</error-code>
> <location>/pages/errpgs/error403.jsf</location>
> </error-page>
>
> PROBLEM :
> ---------
>
> 12. error403.xhtml is NOT rendered as a Richfaces page !
> The rich menus are not getting rendered.
> Facelets are working cos I see <ui:composition> working.
>
> Why is error403.html a richfaces page whereas login.xhtml is not ?
> (see 12 and 6 above)
>
>
>
> 

-- 
View this message in context: http://www.nabble.com/JSF1.2---JAAS---Tomcat-6-%3A-problem-with-redirecting-to-403-page-tp24878033p26114423.html
Sent from the jsf-extensions users mailing list archive at Nabble.com.
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.