I tried JBoss AS7.1.1 Final and used a FormBased Security Application.
Once the user enters correct credentials the URL Changes to "http://localhost/FormBasedAuth1/protected/j_security_check" And which is displaying BLANK page. ideally this url is not even supposed to be visible to the user.
It is happening only when i am using APACHE web Server in front of JBoss AS7.1.1 with mod_jk. (If i dont use mod_jk then the application works fine.)
A short while ago I reported my frustration trying to implement Ldap authentication. See https://community.jboss.org/message/719648#719648
Look at the final few paragraphs starting with "One more update...."
Your posting has opened a new possibility for me since I am also using Apache and mod_jk with form based authentication.
I suggest that you test the work around I found:
Perform the form authentication until you see the blank page that users should never see.
Then open a new browser tab and browse to the protected page that your authentication was applying to.
You may find that you are granted access as should have happened when the credentials were posted.
I believe that the redirect after successful authentication is not happening and that's why we see a blank page instead of the intended protected page. I never suspected that mod_jk might be the culprit however.
If you post the results and your testing shows the same results, one of us should then post a jira.
BTW, obviously the work around is impractical for end users but it does allow the developer to carry on testing while others fix the bug.
Yes, After seeing the BLANK page ( "http://localhost/FormBasedAuth1/protected/j_security_check" ) The redirection is not happening for the secured resource automatically . I have to open a separete TAB in the same browser to see the secured resource. Which means the authentication was successful but the automatic redirection did not happen which caused BLANK page to appear on the browser after the successful authentication.
This looks like a Bug for sure. I created a JIRA for this : https://issues.jboss.org/browse/AS7-4149
Just checked that the problem is due to the ajp setting.
Sympton: Instead of redirecting to a protected page after successful login, it redirects to ajp://<proected page>
In the configuration, change
<connector name="ajp" protocol="AJP/1.3" scheme="ajp" socket-binding="ajp"/>
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
would solve the problem.