I have a system in JSF2 where I use JAAS for access control. Everything is working fine in Chrome, but for a change in IE there is a problem.
Basically I have a form with login and password fields:

    <form action="j_security_check" id="frmLogin" method="POST">
        <input type="text" name="j_username" id="j_username"/>
        <input type="password" name="j_password" id="j_password"/>
        <p:commandButton id="btLogin" value="Login" onclick="enviar()" icon="ui-icon-play"/>
    </form>

In Tomcat I have a jar which is my loginModule with login authentication rules:

    public class LoginModuleUD implements LoginModule {
        ...
    }

web.xml:

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/sistema/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>teste</description>
            <role-name>usuario</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>default</realm-name>
        <form-login-config>
            <form-login-page>/login.ud</form-login-page>
            <form-error-page>/loginError.ud</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description/>
        <role-name>usuario</role-name>
    </security-role>

This is the main entity of the system; it is injected into all other entities:

    @Named(value="loginMB")
    @SessionScoped
    public class LoginMB implements Serializable {
        public LoginMB() {
            System.out.println("CONSTRUTOR LOGINMB");
        }
        ...
    }

As I said, in Chrome everything is perfect, but in IE (I tested in 8 and 10), when accessing protected content it redirects to the login screen, and when I click the LOGIN button the problem happens. Sometimes it gets lost and does not leave the login page; other times it goes to the correct page but loses the session (the LoginMB constructor fires again) and I have to press F5 / refresh the page.
Has anyone ever come across something like this?