[jboss-jira] [JBoss JIRA] (WFLY-11131) @LoginToContinue.errorPage doesn't work for pages in WEB-INF (New Java EE 8 Security)

Instantiation Exception (Jira) issues at jboss.org
Sun Oct 7 18:27:00 EDT 2018 

    [ https://issues.jboss.org/browse/WFLY-11131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13644344#comment-13644344 ] 

Instantiation Exception commented on WFLY-11131:
------------------------------------------------

It is possible that this is correct behavior. Spec says (https://javaee.github.io/security-spec/spec/jsr375-spec.html#_logintocontinue_annotation)

{quote}
(...)
Redirect or forward to LoginToContinue.loginPage(), depending on the value of the useForwardToLogin() attribute.
(...)
If LoginToContinue.errorPage() is non-null and non-empty, redirect to LoginToContinue.errorPage().
(...)
{quote}

> @LoginToContinue.errorPage doesn't work for pages in WEB-INF (New Java EE 8 Security)
> -------------------------------------------------------------------------------------
>
>                 Key: WFLY-11131
>                 URL: https://issues.jboss.org/browse/WFLY-11131
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 14.0.1.Final
>            Reporter: Instantiation Exception
>            Assignee: Darran Lofthouse
>            Priority: Major
>
> I have this configuration:
> {code:java}
> @FormAuthenticationMechanismDefinition(
>     loginToContinue = @LoginToContinue(
>         loginPage = "/WEB-INF/account/login.xhtml",
>         errorPage = "/WEB-INF/account/login.xhtml?error=true"))
> @ApplicationScoped
> public class SecurityConfiguration {}
> {code}
> When I open browser and go to restricted page, I am forwarded to login page. Then I input invalid username and password and submit form (action="j_security_check"). My browser sends me redirect to http://localhost:8080/WEB-INF/account/login.xhtml?error=true. I believe it should forward request to /WEB-INF/account/login.xhtml?error=true because standard FORM login-config in web.xml worked this way.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)

More information about the jboss-jira mailing list