Results 1 to 1 of 1
LinkBack URL
About LinkBacks- 12-01-2009, 02:42 PM #1
Member
- Join Date
- Dec 2009
- Posts
- 1
- Rep Power
- 0
wrong redirection from j_security_check when user in different role
hi i'm using j_security check with weblogic,
with <wls:principal-name>Administrators</wls:principal-name>
to let only administrators access.
the strange thing is that :
if i enter an administrator user/password -> it sends me to the correct page
if i enter a username that does not exist -> it sends me to the error page
if i enter a wrong password -> it sends me to the error page
but if i enter a username/password that exists but that is not an administrator it throws an error (sending me to the default error page of the application), with all relative path images and links broken. and looking at the URL, it is the URL that i should get when entering as an administrator.
in the audit log file, the person's role is being known and i'm getting a failure
this is a part of the log, when logging in a wrong role
/faces/page/sampleList.jsp is the page where the user should be redirected if he was an administratorJava Code:#### Audit Record Begin <Nov 25, 2009 10:41:33 AM> <Severity =SUCCESS> <<<Event Type = Authentication Audit Event><dany><AUTHENTICATE>>> Audit Record End #### #### Audit Record Begin <Nov 25, 2009 10:41:33 AM> <Severity =INFORMATION> <<<Event Type = RoleManager Audit Event ><Subject: 2 Principal = class weblogic.security.principal.WLSUserImpl("dany") Principal = class weblogic.security.principal.WLSGroupImpl("AppTesters") ><<url>><type=<url>, application=app, contextPath=/PP, uri=/faces/page/sampleList.jsp, httpMethod=GET><>>> Audit Record End #### #### Audit Record Begin <Nov 25, 2009 10:41:33 AM> <Severity =FAILURE> <<<Event Type = Authorization Audit Event V2 ><Subject: 2 Principal = class weblogic.security.principal.WLSUserImpl("dany") Principal = class weblogic.security.principal.WLSGroupImpl("AppTesters") ><ONCE><<url>><type=<url>, application=app, contextPath=/PP, uri=/faces/page/sampleList.jsp, httpMethod=GET>>> Audit Record End #### #### Audit Record Begin <Nov 25, 2009 10:41:34 AM> <Severity =FAILURE> <<<Event Type = Authorization Audit Event V2 ><Subject: 2 Principal = class weblogic.security.principal.WLSUserImpl("dany") Principal = class weblogic.security.principal.WLSGroupImpl("AppTesters") ><ONCE><<url>><type=<url>, application=app, contextPath=/PP, uri=/faces/page/images/error/image.png, httpMethod=GET>>> Audit Record End ####
the error is here
/faces/page/images/error/image.png does not exist, in my code i have a relative path '/images/error/image.png' that shouldn't come from '/faces/page/' (the path for a right login) but from '/common/pages/' (the path where error-page.jsp exists)
thank you for your help (sorry for the long post:p)
Reply With QuoteSimilar Threads
-
Custom role in spring security
By ngoc61 in forum Web FrameworksReplies: 1Last Post: 08-07-2009, 03:39 AM -
problem in j_security_check authentication
By Mrs. Deswal in forum NetworkingReplies: 2Last Post: 05-28-2009, 09:26 AM -
RAndom role dice
By thenewsaw in forum JCreatorReplies: 1Last Post: 02-07-2009, 02:10 AM -
Java Web Developer - Permanent Role - Swindon
By Mike Brown in forum Jobs OfferedReplies: 0Last Post: 02-12-2008, 04:21 PM -
redirection in jsp
By valery in forum JavaServer Pages (JSP) and JSTLReplies: 1Last Post: 08-06-2007, 08:31 PM
Bookmarks