Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-11131

@LoginToContinue.errorPage doesn't work for pages in WEB-INF (New Java EE 8 Security)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 14.0.1.Final
    • Security
    • None

      I have this configuration:

      @FormAuthenticationMechanismDefinition(
    loginToContinue = @LoginToContinue(
        loginPage = "/WEB-INF/account/login.xhtml",
        errorPage = "/WEB-INF/account/login.xhtml?error=true"))
@ApplicationScoped
public class SecurityConfiguration {}

      When I open browser and go to restricted page, I am forwarded to login page. Then I input invalid username and password and submit form (action="j_security_check"). My browser sends me redirect to http://localhost:8080/WEB-INF/account/login.xhtml?error=true. I believe it should forward request to /WEB-INF/account/login.xhtml?error=true because standard FORM login-config in web.xml worked this way.

              Unassigned Unassigned
              instantiationexception@gmail.com Instantiation Exception (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: