We are using form based J2EE security in combination with a custom
UsernamePasswordLoginModule. The entire web site is protected.
<login-config>
| <auth-method>FORM</auth-method>
| <realm-name>ASM AD Authentication</realm-name>
| <form-login-config>
| <form-login-page>/login/login.jsp</form-login-page>
| <form-error-page>
| /login/authenticationFailed.jsp
| </form-error-page>
| </form-login-config>
| </login-config>
Here's what is happening now: If a user tries to access a URL for a web app, they are
redirected to the login.jsp above which submits to the JBoss j_security_check action.
After they are authenticated, they are then redirected to the URL they requested.
The above works fine...if the user is requesting the "start" page for a web app
and is authenticating for the first time. However, if they have bookmarked a
"non-start page" in the application, or have clicked on a link after their
session times out, after they are redirected to the login.jsp, authenticated by JBoss, and
then sent to the URL requested, it causes problems because many URL's they are hitting
expect objects in session, request, etc, and it's causing null pointer exceptions in
our logs.
Here's what we want to do: If an unauthenticated user tries to access a URL that is
NOT the "start" page for an application, they are redirected to specific page
AFTER they are authenticated, and not the original URL requested which might cause
problems.
I hope the above makes sense.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027281#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...