I've added some logging and am seeing:
| [30 Apr 2008 11:56:26] DEBUG com.msp.ejb.security.IdentityLoginModule - U
| serStatus is OK, returning true.
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.FormAuthenticator
| - Authentication of 'dean.pullen' was successful
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.FormAuthenticator
| - Redirecting to original '/portal/auth/portal/default/default'
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase
| - Failed authenticate() test ??/portal/auth/portal/default/j_security_check
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.connector.CoyoteAdapter - Req
| uested cookie session id is 6D4F6081BEF093070076F5DF9E375A06
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase
| - Security checking request GET /portal/auth/portal/default/default
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Authenticated]' against GET
/auth/portal/default/d
| efault --> true
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Secure]' against GET
/auth/portal/default/default
| --> false
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Secure+Authenticated]' against GET
/auth/portal/de
| fault/default --> false
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Authenticated]' against GET
/auth/portal/default/d
| efault --> true
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Secure]' against GET
/auth/portal/default/default
| --> false
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.realm.RealmBase - Checking c
| onstraint 'SecurityConstraint[Secure+Authenticated]' against GET
/auth/portal/de
| fault/default --> false
|
(You'll notice I've replaced IdentityLoginModule with our own version which only
adds additional debug statements)
I see it passing the Authenticated roles but not Secure or Secure+Authenticated but
I've never seen these mentioned anywhere. Is this the cause of the problem, and if so
how do I fix it? Adding these roles doesn't seem to change anything.
This also makes me wonder if authetication hasn't properly passed (shown above too):
| [30 Apr 2008 11:56:26] DEBUG org.apache.catalina.authenticator.AuthenticatorBase
| - Failed authenticate() test ??/portal/auth/portal/default/j_security_check
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147787#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...