1. FORM login doesn't stick
sweber Nov 6, 2002 6:35 PM (in response to sweber)
Hrm, never mind, I rolled back to BASIC authentication and found that multiple security-constraints work great. The issue I am seeing is that my FORM authentication is only appearing to work, that is, it will let me log in once, and even show me the page I requested, but as soon as I navigate to any other page (regardless of whether it is in the same context) I am forced to re-present my credentials. All else remaining equal, when I edit web.xml and change
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>other</realm-name>
</login-config>
to
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>other</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/fail_login.html</form-error-page>
    </form-login-config>
</login-config>
I can trigger the login page by either refreshing the current page (certain pages always refresh fine, others always force me to re-login) or browsing to a new page.
My login.jsp is painfully simple:
Please log in:
UserName:
Password:
When I log in, I see the following on the console:
14:39:48,919 DEBUG [JBossUserRealm#other] JBossUserPrincipal: admin
14:39:48,919 DEBUG [JBossUserRealm#other] created JBossUserRealm::JBossUserPrincipal: admin
14:39:48,919 DEBUG [JBossUserRealm#other] authenticating: Name:admin Password:****
14:39:48,965 DEBUG [JBossUserRealm#other] authenticated: admin
14:39:48,965 DEBUG [JBossUserRealm#other] setting JAAS subjectAttributeName(j_subject) : Subject:
Principal: admin
Principal: Roles
I am then redirected to the login_failed page. (!?) But when I browse from there to another page in the site, I am shown the requested page, and I see the following on the console:
14:40:34,653 DEBUG [JBossUserRealm#other] authenticating: Name:admin Password:****
14:40:34,653 DEBUG [JBossUserRealm#other] authenticated: admin
JBossUserPrincipal: admin is NOT in Role: Author
14:40:34,653 DEBUG [JBossUserRealm#other] JBossUserPrincipal: admin is NOT in Role: Designer
14:40:34,653 DEBUG [JBossUserRealm#other] JBossUserPrincipal: admin is in Role:Administrator
So I *have* logged in... or haven't I? I am using the following to trace what is going on... any other classes I should be looking at?
thanks in advance...
2. Re: Securing multiple web resources
sweber Nov 7, 2002 2:53 PM (in response to sweber)
gah, i suck, i had a call to session.invalidate() in a few key jsps. operator error! everything works as expected.
ciao
s.
3. Re: Securing multiple web resources
sweber Nov 7, 2002 3:55 PM (in response to sweber)
hm, the board ate my final post, so i will re-post. the problem was of course operator error -- i had calls to session.invalidate() in certain jsps. everything works as expected.
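
A check for the cause identified in the last two posts, added here as an example and not code from the thread: with FORM authentication the login lives in the HTTP session, so a stray session.invalidate() in a page forces a new login, and this scan reports such calls outside the logout page. The page paths, the sample JSP sources and the /logout.jsp allow-list are constructed assumptions.

```python
import re

# The JSP implicit object is named `session`; chained forms such as
# request.getSession(false).invalidate() are matched as well.
INVALIDATE = re.compile(
    r"(?:\bsession|getSession\s*\([^)]*\))\s*\.\s*invalidate\s*\(")
JSP_COMMENT = re.compile(r"<%--.*?--%>", re.S)
LINE_COMMENT = re.compile(r"(?<!:)//[^\n]*")  # (?<!:) skips "http://"


def _blank(match):
    # Replace comment text with spaces but keep newlines, so that the
    # line numbers reported below still refer to the original source.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_invalidate_calls(pages, logout_pages=("/logout.jsp",)):
    """Return sorted (path, line) pairs for invalidate() calls.

    pages: dict of context-relative path -> JSP source text.
    logout_pages: paths where ending the session is intended (assumption).
    """
    hits = []
    for path, source in pages.items():
        if path in logout_pages:
            continue
        cleaned = LINE_COMMENT.sub(_blank, JSP_COMMENT.sub(_blank, source))
        for m in INVALIDATE.finditer(cleaned):
            hits.append((path, cleaned.count("\n", 0, m.start()) + 1))
    return sorted(hits)


# Constructed sample sources, not the poster's JSPs.
SAMPLE_PAGES = {
    "/index.jsp": "<html>\n<% session.invalidate(); %>\n</html>\n",
    "/report.jsp": ("<%-- session.invalidate(); --%>\n<%\n"
                    "  // session.invalidate();\n"
                    "  request.getSession(false).invalidate();\n%>\n"),
    "/view.jsp": "<p>Welcome, <%= request.getRemoteUser() %></p>\n",
    "/logout.jsp": "<% session.invalidate(); %>\n",
}

if __name__ == "__main__":
    for path, line in find_invalidate_calls(SAMPLE_PAGES):
        print(f"{path}:{line}: session invalidated outside logout page")
```

Calls made on a differently named variable (for example an HttpSession held in a local) are not matched by this pattern.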