[jboss-user] [JBoss Portal] - After jaas implementation , we see the username and password in url on incorrect login
Aarti Roshan
do-not-reply at jboss.com
Tue Aug 3 17:43:29 EDT 2010
Aarti Roshan [http://community.jboss.org/people/aartir] created the discussion
"After jaas implementation , we see the username and password in url on incorrect login"
To view the discussion, visit: http://community.jboss.org/message/555753#555753
--------------------------------------------------------------
Hi,
We have jboss-4.2.2GA. After implementing JAAS, whenever a user has an incorrect login, we see the URL/password like below:
http://ares3:8080/scp/endeavour/j_security_check?j_username=asdf&j_password=adf&btnLogin=Login
http://localhost:8080/test/j_security_check?j_username=asdf&j_password=adf&btnLogin=Login
Is there any way we can stop this?
I checked FormAuthenticator.class, where we forward to the error page:
RequestDispatcher disp =
    context.getServletContext().getRequestDispatcher(config.getErrorPage());
disp.forward(request.getRequest(), response.getResponse());
So this way the request has these parameters and it's shown in the URL when it forwards to the error page.
Is there any configuration or any new version of the jar .. where this issue is fixed?
A quick response is appreciated; we have customers complaining about this and we need to fix it.
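Added example (not part of the original post and not JBoss code): a URL like the ones quoted above is also written to the server's access log, so the same credentials can be sitting there. The Python below scans access-log lines for j_security_check requests that carry j_username or j_password in the query string and redacts the values. It assumes common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Form-login field names from the Servlet spec; their values must not stay in a URL.
SENSITIVE = {"j_username", "j_password"}
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (redacted_target, leaked_field_names) for one request target or URL."""
    parts = urlsplit(target)
    # Ignore path parameters such as ;jsessionid=... when matching the login endpoint.
    if not parts.path.split(";", 1)[0].endswith("/j_security_check"):
        return target, []
    leaked, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in SENSITIVE:
            leaked.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked


def audit_line(line):
    """Return (redacted_line, finding); finding is None when nothing was exposed."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, None
    target, leaked = redact_target(m.group("target"))
    if not leaked:
        return line, None
    finding = {"method": m.group("method"), "fields": leaked}
    return line[:m.start("target")] + target + line[m.end("target"):], finding


# Constructed sample log lines; the first path mirrors the URL quoted in the post.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Aug/2010:17:40:01 -0400] "GET /scp/endeavour/j_security_check?j_username=asdf&j_password=adf&btnLogin=Login HTTP/1.1" 200 512',
    '10.0.0.5 - - [03/Aug/2010:17:41:10 -0400] "POST /scp/endeavour/j_security_check HTTP/1.1" 302 -',
    '10.0.0.7 - - [03/Aug/2010:17:42:30 -0400] "GET /test/j_security_check;jsessionid=ABC123?j_username=bob&j_password=pw HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        redacted, finding = audit_line(entry)
        if finding:
            print("credentials in URL:", finding, "->", redacted)
```

Any account whose password shows up in a finding should be treated as exposed, since the original log line was readable before redaction.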