-
1. Re: Authentification Struts (J_security_check)
j2ee_junkie Feb 2, 2006 10:14 AM (in response to cirdec)Cirdec,
Assuming you are using Tomcat deployed in JBoss, j_security_check is implemented by container and does not need to be deployed. Just create a form in you application as a "login form" with action = j_security_check and posts a j_username and j_password. Finally, you must specify in your web.xml auth-method = FORM with login-page = to "login form".
Let me know if this is still a confusion. -
2. Re: Authentification Struts (J_security_check)
cirdec Feb 2, 2006 10:22 AM (in response to cirdec)I've done some stuff on it. Let me show you my source code.
Here is the Login.jsp :<form action="j_security_check" method="post"> <table border="0"> <tr> <td>Login: <input type="text" name="j_username" class="txt" /></td> </tr> <tr> <td>Password: <input type="password" name="j_password" class="txt" /></td> </tr> <tr> <td align="center"><html:submit /></td> </tr> </table> </form>
Here is my web.xml :<security-constraint> <web-resource-collection> <web-resource-name>Client</web-resource-name> <description>Security access default</description> <url-pattern>/jsp/Client/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>client</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Administrator</web-resource-name> <description>Security access for Admin</description> <url-pattern>/jsp/Genre/addGenre.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>Mp3sil secure access</realm-name> <form-login-config> <form-login-page>/jsp/Login/Login.jsp</form-login-page> <form-error-page>/jsp/Login/LoginError.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>client</role-name> </security-role> <security-role> <role-name>admin</role-name> </security-role>
Here is my jboss-web.xml :<jboss-web> <security-domain>java:/jaas/login</security-domain> </jboss-web>
But now, I don't understand how to make the LoginModule (I guess i've to do it).
Could you explain me how to do all this stuff?
Thanx,
Cedric -
3. Re: Authentification Struts (J_security_check)
j2ee_junkie Feb 2, 2006 10:35 AM (in response to cirdec)So far so good. Now read how to specify what login modules you want to stack under domain "login". This is nicely detailed in chapter 8 in jboss server guide. As for how to make a login module, read the above as well as Java's loginmodule guide a http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html
enjoy! -
4. Re: Authentification Struts (J_security_check)
cirdec Feb 2, 2006 11:03 AM (in response to cirdec)I wanna verify the password of my form with the one in my database. Is it the same way to do it?
-
5. Re: Authentification Struts (J_security_check)
j2ee_junkie Feb 2, 2006 11:25 AM (in response to cirdec)Then you would be interested in using JBoss's DatabaseServerLoginModule.
-
6. Re: Authentification Struts (J_security_check)
cirdec Feb 2, 2006 11:43 AM (in response to cirdec)Do you know where i can find a documentation or a tutorial about the DatabaseServerLoginModule. I don't quite understand the mechanism.
Thanx. -
7. Re: Authentification Struts (J_security_check)
tzablock Feb 6, 2006 7:42 AM (in response to cirdec)Under this URL you will find a desired LoginModule specs:
http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html
Good luck -
8. Re: Authentification Struts (J_security_check)
cirdec Feb 6, 2006 7:45 AM (in response to cirdec)Thanx, I'm gonna check it.