-
1. Re: Making a login form
juha Mar 12, 2004 3:43 AM (in response to lords_diakonos)<form action='j_security_check' method='POST'> <table> <tr><td>User:<td><input name='j_username'> <tr><td>Password:<td><input name='j_password'> <tr><td><input type=submit> </table> </form>
-
2. Re: Making a login form
lords_diakonos Mar 12, 2004 5:48 AM (in response to lords_diakonos)I actually did this but it still didn't work. I am using the browseldapmodule to authenticate with Active Directory. I have an index.html page that points to a servlet with the url mapping of /message
when you try to access /message the login form comes up. What do I set the action of the login form to be? -
3. Re: Making a login form
juha Mar 12, 2004 5:55 AM (in response to lords_diakonos)The action is "j_security_check" that is recognized by your servlet container as an authentication form.
-
4. Re: Making a login form
alisson Mar 12, 2004 8:23 AM (in response to lords_diakonos)I've done my form as yours, but the users are not authenticated, even my loginError.jsp is called. Should I import some package from login.jsp or loginError.jsp? See my configurations:
web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Pages</web-resource-name>
<url-pattern>/cadastro/web/ConsultaAluno.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>professor</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
Grupo dos professores
<role-name>professor</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<!-- ExampleRealm is defined in login-config.xml -->
<realm-name>testeSec</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
login-config.xml:
<application-policy name = "jmx-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
<application-policy name = "testeSec">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name="dsJndiName">java:/AcademicoDB</module-option>
<module-option name="principalsQuery">select passwd from users where username=?</module-option>
<module-option name="rolesQuery">select userRoles, roleGroup from userroles where username=?</module-option>
</login-module>
</application-policy> -
5. Re: Making a login form
lords_diakonos Mar 12, 2004 9:02 AM (in response to lords_diakonos)Juha,
I did that but I get a 404 error and my username and password are being passed in the url here is what I am getting.
http://localhost:8080/WebMessage/j_security_check%20METHOD=?j_username=xxxxx&j_password=xxxx&Login=Submit -
6. Re: Making a login form
lords_diakonos Mar 12, 2004 9:04 AM (in response to lords_diakonos)Sorry fo rthe double posting I wanted to explain what I am trying to accomplish. I need to get the username in my servlet after the user logs in. I am using Basic authentication but I am not sure how to get the username I thought with a form I could pass it as a parameter to the servlet.
-
7. Re: Making a login form
starksm64 Mar 12, 2004 9:28 AM (in response to lords_diakonos)import java.security.Principal; public class SnoopServlet extends HttpServlet { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // getUserPrincipal returns non-null only when the servlet is secured Principal user = request.getUserPrincipal(); String username = user.getName(); } }
-
8. Re: Making a login form
lords_diakonos Mar 12, 2004 9:38 AM (in response to lords_diakonos)It is not working :-( here are the sniplets from my code
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException { // String username = request.getParameter("j_username"); Principal user = request.getUserPrincipal(); String username = user.getName(); String message; message = processRequest(request); generateResponse(message, username, response); }
private void generateResponse(String message, String username, HttpServletResponse response) throws IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<HEAD>"); out.println("<TITLE>Message Servlet</TITLE>"); out.println("</HEAD>"); out.println("<BODY BGCOLOR=\"white\">"); out.println("Hi" + username); out.println("The message is: <BR>"); out.println("<BLOCKQUOTE><B>" + message + "<B></BLOCKQUOTE>"); out.println("</BODY>"); out.println("</HTML>"); out.close(); }
-
9. Re: Making a login form
lords_diakonos Mar 12, 2004 9:51 AM (in response to lords_diakonos)starksm,
That works for BASIC but not for FORM authentication. -
10. Re: Making a login form
starksm64 Mar 14, 2004 10:05 AM (in response to lords_diakonos)Access to the getUserPrincipal does not depend on the auth method used. It works for basic and form auth.
-
11. Re: Making a login form
lords_diakonos Mar 15, 2004 9:55 AM (in response to lords_diakonos)OK this is wierd. When I change my login to FORM authentication instead of BASIC The page doesn't display the username with the code below but if I don't cloas ethe browser and I go back and access my servlet again it shows my username.
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; // Support classes import java.io.IOException; import java.io.PrintWriter; import java.security.Principal; public class MessageServlet extends HttpServlet { ... // Handle the GET HTTP Method public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { String username = ""; String message; message = processRequest(request); generateResponse(message, username, response); } // Handle the POST HTTP Method public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException { // String username = request.getParameter("j_username"); Principal user = request.getUserPrincipal(); String username = user.getName(); String message; message = processRequest(request); generateResponse(message, username, response); } // Process the request private String processRequest(HttpServletRequest request) { ... int msg_index = (int) (Math.random() * list.length); return list[msg_index]; } // Generate the HTML response private void generateResponse(String message, String username, HttpServletResponse response) throws IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<HEAD>"); out.println("<TITLE>Message Servlet</TITLE>"); out.println("</HEAD>"); out.println("<BODY BGCOLOR=\"white\">"); out.println("Hi " + username); out.println("Your message is: <BR>"); out.println("<BLOCKQUOTE><B>" + message + "<B></BLOCKQUOTE>"); out.println("</BODY>"); out.println("</HTML>"); out.close(); } }
-
12. Re: Making a login form
lords_diakonos Mar 15, 2004 3:32 PM (in response to lords_diakonos)For anyone interested I solved it. I needed to add
Principal user = request.getUserPrincipal(); String username = user.getName(); in the doGet method