Hi,
I'm working on an app with resteasy.
The client (HTML, CSS, JavaScript) reaches the server via REST/JSON.
When the session expires on the server, I see a message on the JBoss console:
Entering logout
...
logged out Subject
Until now everything is ok.
But when the client tries to access the server after that through the PUT or DELETE method, it receives a 403 error. If the method is POST or GET, it receives the login page.
My problem is: I need to show a login page when the session expires, since there are links in the app that the user doesn't have access to, and in that case the ajax receives 403.
So, in the ajax, when I receive 403, I don't know if the session has expired or the user has tried to access an unauthorized resource.
The problem only appears with PUT and DELETE methods.
Is it a bug?
My JBoss: 7.1.1
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
  <security-constraint>
    <display-name>protected resources</display-name>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <description></description>
      <url-pattern>/restrito/*</url-pattern>
      <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description></description>
      <role-name>pad_gestor</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <description>Gestor</description>
    <role-name>pad_gestor</role-name>
  </security-role>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>JBoss</realm-name>
    <form-login-config>
      <form-login-page>/publico/login.html</form-login-page>
    </form-login-config>
  </login-config>
</web-app>
Thanks in advance!
Inacio
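
Added example, not part of the original post: a client-side sketch that separates "session expired" from "forbidden" using only the behaviour described above (GET returns the login page once the session is gone, PUT/DELETE return 403). It assumes REST resources answer with JSON, that the login page's form posts to the standard `j_security_check` action, and that a hypothetical `/rest/ping` resource is readable by every logged-in user; all function names are hypothetical.

```javascript
// Added example; PROBE_URL and all function names are hypothetical.
const PROBE_URL = '/rest/ping'; // assumed: JSON resource every logged-in user may GET

// Constructed sample responses (not captured from a real server).
const SAMPLE_LOGIN = { status: 200, contentType: 'text/html;charset=UTF-8',
  body: '<form action="j_security_check" method="post"></form>' };
const SAMPLE_403 = { status: 403, contentType: 'text/html', body: '' };
const SAMPLE_JSON = { status: 200, contentType: 'application/json', body: '{"ok":true}' };

// FORM auth serves the login page with status 200; its form posts to j_security_check.
function isLoginPage(res) {
  const type = (res.contentType || '').toLowerCase();
  return res.status === 200 && type.startsWith('text/html') &&
         /j_security_check/.test(res.body || '');
}

// First pass over any response from /rest/*.
function classify(res) {
  if (isLoginPage(res)) return 'session-expired'; // GET/POST case from the post
  if (res.status === 403) return 'ambiguous-403'; // PUT/DELETE case: expired or forbidden
  return 'ok';
}

// Second pass: interpret the answer to a follow-up GET of PROBE_URL.
function resolve403(probeRes) {
  if (isLoginPage(probeRes)) return 'session-expired';
  if (probeRes.status === 403) return 'ambiguous-403'; // probe blocked too; cannot decide
  return 'forbidden'; // session is alive, so the original 403 was an authorization denial
}

// Browser glue; fetchFn is injectable so the logic can be exercised offline.
async function send(fetchFn, method, url, body) {
  const read = async (r) => ({
    status: r.status,
    contentType: r.headers.get('content-type'),
    body: await r.text(),
  });
  const opts = { credentials: 'same-origin' };
  const res = await read(await fetchFn(url, { ...opts, method, body }));
  let verdict = classify(res);
  if (verdict === 'ambiguous-403') {
    verdict = resolve403(await read(await fetchFn(PROBE_URL, { ...opts, method: 'GET' })));
  }
  return { verdict, res };
}
```

In the browser, call `send(fetch.bind(window), 'PUT', url, json)` and show the login page only when the verdict is `session-expired`.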