Jose Inacio Silva Junior [https://community.jboss.org/people/inacio-silva] created the discussion
"Error 403 instead of login page"
To view the discussion, visit: https://community.jboss.org/message/816892#816892
--------------------------------------------------------------
Hi,
I'm working on an app with RESTEasy.
The client (HTML, CSS, JavaScript) reaches the server via REST/JSON.
When the session expires on the server I see a message on the JBoss console:
Entering logout
...
logged out Subject
Until now everything is OK.
But when the client tries to access the server after that through the PUT or DELETE method, it receives an error 403. If the method is POST or GET, it receives the login page.
My problem is: I need to show a login page when the session expires, since there are links in the app that the user doesn't have access to, and in that case the AJAX call receives 403.
So, in the AJAX call, when I receive 403, I don't know if the session has expired or the user has tried to access an unauthorized resource.
The problem only appears with the PUT and DELETE methods.
Is it a bug?
My JBoss: 7.1.1
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="false" version="3.0">
    <security-constraint>
        <display-name>protected resources</display-name>
        <web-resource-collection>
            <web-resource-name>all</web-resource-name>
            <description></description>
            <url-pattern>/restrito/*</url-pattern>
            <url-pattern>/rest/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description></description>
            <role-name>pad_gestor</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>Gestor</description>
        <role-name>pad_gestor</role-name>
    </security-role>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>JBoss</realm-name>
        <form-login-config>
            <form-login-page>/publico/login.html</form-login-page>
        </form-login-config>
    </login-config>
</web-app>
Thanks in advance!
Inacio
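
Added example, not part of the original post: one client-side way to tell the two 403 cases apart, relying only on the behaviour reported above (after expiry, a GET receives the login page while PUT and DELETE receive 403). `PROBE_URL`, `LOGIN_MARKER` and the `fakeFetch` stand-in are hypothetical names constructed for illustration.

```javascript
// Added example, not code from the original post.
// Assumptions: PROBE_URL is a hypothetical protected GET endpoint under /rest/*,
// LOGIN_MARKER a hypothetical string found only in /publico/login.html.
const PROBE_URL = '/rest/ping';
const LOGIN_MARKER = 'id="login-form"';

// Interpret the probe GET. Per the post, FORM auth answers a GET made without a
// session with the login page, so login HTML here means the session is gone.
function classifyProbe(status, contentType, body) {
  const isHtml = /^text\/html\b/i.test(contentType || '');
  if (status === 200 && isHtml && (body || '').includes(LOGIN_MARKER)) return 'session-expired';
  // Probe answered normally or was itself denied: the session is alive,
  // so the original 403 was an authorization failure.
  if (status === 403 || (status >= 200 && status < 300)) return 'forbidden';
  return 'unknown'; // probe failed for another reason; do not guess
}

// Send a request; on 403, probe with GET to learn which case applies.
async function requestWithExpiryCheck(fetchFn, url, options) {
  const res = await fetchFn(url, { credentials: 'same-origin', ...options });
  if (res.status !== 403) return { outcome: 'not-403', response: res };
  const probe = await fetchFn(PROBE_URL, {
    method: 'GET', credentials: 'same-origin', cache: 'no-store',
    headers: { Accept: 'application/json' },
  });
  const outcome = classifyProbe(probe.status, probe.headers.get('content-type'), await probe.text());
  return { outcome, response: res };
}

// Constructed stand-in for the server behaviour reported in the post.
function fakeFetch(sessionAlive) {
  return async (url, opts) => {
    const method = (opts && opts.method) || 'GET';
    const login = { status: 200, type: 'text/html;charset=UTF-8', body: `<form ${LOGIN_MARKER}>` };
    const json = { status: 200, type: 'application/json', body: '{}' };
    const deny = { status: 403, type: 'text/html', body: 'Forbidden' };
    let r;
    if (sessionAlive) r = url === PROBE_URL ? json : deny;
    else r = method === 'PUT' || method === 'DELETE' ? deny : login;
    return { status: r.status, headers: { get: () => r.type }, text: async () => r.body };
  };
}
```

In a browser, pass the global `fetch` as `fetchFn`; the probe costs one extra round trip and is only made after a 403.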