Problems with FORM Authentication
degriffing Feb 18, 2004 11:18 AMI am using JBoss 3.2.3 and having problems with FORM authentication. I am using a custom login module that extends UsernamePasswordLoginModule. When I use BASIC authentication, everything behaves as expected. When I change to FORM authentication, none of the methods in my custom module are invoked so the user does not get authenticated. Below are snippets of the configuration files. What do I need to do to get FORM authentication working?
login-config.xml
<application-policy name = "client-login"> <authentication> <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module> <login-module code = "com.fdsolutions.security.module.LoginModule" flag = "required"> </login-module> </authentication> </application-policy>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd"> <jboss-web> <security-domain>java:/jaas/client-login</security-domain> <context-root>/myapp</context-root> <!-- Resource Environment References --> <!-- Resource references --> <!-- EJB References --> </jboss-web>
web.xml
<security-constraint> <display-name>Server Configuration Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>*.jsp</url-pattern> <url-pattern>*.do</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>FDS</realm-name> <!-- <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login-error.html</form-error-page> </form-login-config> --> </login-config> <security-role> <description>The role that is required to log in to the application</description> <role-name>user</role-name> </security-role>