[jboss-dev-forums] [JBoss Web Development] - Error 403 instead of login page

Jose Inacio Silva Junior do-not-reply at jboss.com
Wed May 8 17:33:52 EDT 2013


Jose Inacio Silva Junior [https://community.jboss.org/people/inacio-silva] created the discussion

"Error 403 instead of login page"

To view the discussion, visit: https://community.jboss.org/message/816892#816892

--------------------------------------------------------------
Hi,

I'm working on an app with resteasy.
The client (HTML, CSS, JavaScript) reaches the server via rest/json.
When the session expires on the server I see a message on the JBoss Console:

Entering logout
...
logged out Subject

Until now everything is ok.

But when the client tries to access the server after that through the PUT or DELETE method, it receives an error 403. If the method is POST or GET it receives the login page.

My problem is: I need to show a login page when the session expires, since there are links in the app that the user doesn't have access to, and in that case the ajax receives 403.
So, in the ajax, when I receive 403, I don't know if the session has expired or the user has tried to access an unauthorized resource.
The problem only appears with PUT and DELETE methods.

Is it a bug?

My JBoss: 7.1.1

My web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="false" version="3.0">

    <security-constraint>
        <display-name>protected resources</display-name>
        <web-resource-collection>
            <web-resource-name>all</web-resource-name>
            <description></description>
            <url-pattern>/restrito/*</url-pattern>
            <url-pattern>/rest/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description></description>
            <role-name>pad_gestor</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>Gestor</description>
        <role-name>pad_gestor</role-name>
    </security-role>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>JBoss</realm-name>
        <form-login-config>
            <form-login-page>/publico/login.html</form-login-page>
        </form-login-config>
    </login-config>
</web-app>

Thanks in advance!
Inacio
--------------------------------------------------------------
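
One way the ajax side could tell the two 403 cases apart, relying on the behaviour reported above that a GET after session expiry returns the login page. This is an added example, not part of the original post; `PROBE_URL` and `LOGIN_MARKER` are hypothetical names that would have to match the real application.

```javascript
// Added example, not from the original post. PROBE_URL and LOGIN_MARKER are
// hypothetical: a cheap GET resource under /rest/* that every logged-in user
// may read, and a string that only occurs in /publico/login.html.
const PROBE_URL = "/rest/ping";
const LOGIN_MARKER = 'id="login-form"';

// Pure decision step: interpret the GET probe sent after a 403.
function classifyProbe(status, contentType, body) {
  const isHtml = /^text\/html/i.test(contentType || "");
  // FORM auth answers an unauthenticated GET with the login page itself.
  if (isHtml && body.includes(LOGIN_MARKER)) return "session-expired";
  // The probe succeeded, so the session is alive and the 403 was a role denial.
  if (status >= 200 && status < 300) return "forbidden";
  // The probe was itself rejected or failed: do not guess.
  return "unknown";
}

// Send a REST request; when it comes back 403, probe with GET to learn why.
// fetchFn is injectable so the logic can be exercised without a server.
async function restCall(url, options, fetchFn = globalThis.fetch) {
  const res = await fetchFn(url, { credentials: "same-origin", ...options });
  if (res.status !== 403) return { outcome: "ok", response: res };
  try {
    const probe = await fetchFn(PROBE_URL, {
      method: "GET",
      credentials: "same-origin",
      cache: "no-store", // a cached 200 would hide an expired session
    });
    const outcome = classifyProbe(
      probe.status,
      probe.headers.get("content-type"),
      await probe.text()
    );
    return { outcome, response: res };
  } catch (err) {
    return { outcome: "unknown", response: res }; // network error during probe
  }
}
```

The caller shows the login page on `session-expired` and an access-denied message on `forbidden`; the server-side constraint in web.xml remains the actual enforcement point.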
