Hello,
I am using the ExtendedFormAuthenticator which works fine if both username and password
are correct.
But after entering an invalid password and submitting the form, the following
IllegalStateException is thrown, and therefore the error-page is not shown.
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: testuser
is NOT authenticated
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] End
authenticate, principal=null
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator]
forwardToErrorPage
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator]
SessionID: 125F46B5D04395A49BFF11FD83BAF
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator]
Setting j_username = testuser
2008-04-19 14:23:07,780 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator]
Setting j_password = --hidden--
2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting
threadlocal:null
2008-04-19 14:23:07,780 TRACE [org.jboss.security.SecurityRolesAssociation] Setting
threadlocal:null
2008-04-19 14:23:07,781 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception
or error occurred in the container during the requ
est processing
java.lang.IllegalStateException: Security Context is null
at
org.jboss.web.tomcat.security.SecurityAssociationActions$GetAuthExceptionAction.run(SecurityAssociationActions.java:168)
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.web.tomcat.security.SecurityAssociationActions.getAuthException(SecurityAssociationActions.java:290)
at
org.jboss.web.tomcat.security.ExtendedFormAuthenticator.populateSession(ExtendedFormAuthenticator.java:180)
at
org.jboss.web.tomcat.security.ExtendedFormAuthenticator.forwardToErrorPage(ExtendedFormAuthenticator.java:123)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
at
org.jboss.web.tomcat.security.ExtendedFormAuthenticator.authenticate(ExtendedFormAuthenticator.java:86)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:90)
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:96)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:309)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
Before this happens the javax.security.auth.login.FailedLoginException was thrown by the
LoginModule,
Does anyone have an idea what is going wrong?
Thomas
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4145312#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...