4 Replies Latest reply on Jun 28, 2006 1:13 PM by j2ee_junkie

    Problem in http to https switching in struts

    cool_bhanu

      Hi ,

      Iam developing application in struts which has login page and
      when username and password are given it should be authenticated and
      the page should be switched to https
      I had made necessary changes to include <transport-guarantee>
      and login-config to include the user properties
      but the
      <form-login-config>
      <form-login-page>/display.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
      </login-config>
      is forcing it to go to the pages display.jsp
      instead it should go
      to NameAction java file which extends Action and based on the logic there
      i should go to the required success or error page
      and iam not understanding the importance of <form-login-config>
      like if i remove the lines
      <form-login-config>
      <form-login-page>/display.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
      </login-config>

      i get the exceptions


      18:59:15,687 WARN [FormAuthenticator] Unexpected error forwarding to login page
      java.lang.NullPointerException
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)


      Could you please help me resolve this
      Note: The switching to https is happening the only thing is iam not getting the required result

      Regards
      Bhanu

        • 1. Re: Problem in http to https switching in struts
          j2ee_junkie

          Bhanu,

          When a user requests a secured resource (as configured in web.xml with security-constraints element), the form authentication mechanism will forward user to form-login-page element value. In your case that is the /display.jsp page. This page should contain a login form presenting the username and password testboxes to user. Submitting this form should go to j_security_check action. If user sucessfully authenticates, they are forwarded to orginally requested url. If fail, forwarded to form-error-page element. In your case /error.jsp.

          NameAction can not be the action that is used to authenticate if using form based authentication with container managed security.

          cgriffith

          • 2. Re: Problem in http to https switching in struts
            jukcoder

            You need to pre-touch or trigger jass logging module before going to login page. The best way to this is to create a protected resource . As you call this protected resource you will be redirected to the login page

            • 3. Re: Problem in http to https switching in struts
              cool_bhanu

              Cgriffith,
              So will it not be possible for me to check for the credential
              in NameAction and if the credential are correct it should go to success page or error page with https switched on.
              I wanted to ask if any other mechanism exist In struts where iam not using
              form authentication and still iam able to switch to https if the login
              credential are correct.
              Please do let me know

              Thanks
              Bhanu

              • 4. Re: Problem in http to https switching in struts
                j2ee_junkie

                With container managed authentication, all the authentication stuff happens before a request hits your application. So the answer is no. To get a better understanding of CMA, see the servlet spec. at http://java.sun.com/products/servlet/download.html.
                Also, the JBoss server guide has a great descriiption of configuration at
                http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html.

                enjoy, cgriffith