LDAP is giving error : Invalid direct reference to form logi
I am trying to develop a sample application and authenticating it using Apache LDAP Server. Here are my enteries for login-config.xml file
<application-policy name="MoITWeb"> <authentication> <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"> <module-option name="java.naming.factory.initial"> com.sun.jndi.ldap.LdapCtxFactory </module-option> <module-option name="java.naming.provider.url"> ldap://localhost:10389/ </module-option> <module-option name="java.naming.security.authentication"> simple </module-option> <module-option name="java.naming.security.credentials"> clear-text password </module-option> <module-option name="principalDNPrefix">uid=</module-option> <module-option name="principalDNSuffix"> ,ou=People,dc=example,dc=com </module-option> <module-option name="rolesCtxDN"> ou=Roles,dc=example,dc=com </module-option> <module-option name="uidAttributeID">member</module-option> <module-option name="matchOnUserDN">true</module-option> <module-option name="roleAttributeID">cn</module-option> <module-option name="roleAttributeIsDN">false</module-option> <module-option name="searchTimeLimit">5000</module-option> <module-option name="searchScope">ONELEVEL_SCOPE</module-option> </login-module> </authentication> </application-policy>
My web.xml file is this
<web-app> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <security-constraint> <display-name>ValidUser</display-name> <web-resource-collection> <web-resource-name>Resources</web-resource-name> <url-pattern>/security/success.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description>ValidUser</description> <!--<role-name>ValidUser</role-name>--> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Setup(admin) Section</web-resource-name> <description>For all authorized user</description> <url-pattern>/security/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <description> Allow access for both default and enterprise users </description> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <security-role> <description>ValidUser</description> <role-name>JBossAdmin</role-name> </security-role> <login-config> <auth-method>FORM</auth-method> <realm-name>MoITWeb</realm-name> <form-login-config> <form-login-page>/security/login.jsp</form-login-page> <form-error-page>/security/error.jsp</form-error-page> </form-login-config> </login-config> </web-app>here are my pages
index.jsp
/security/login.jsp
/security/error.jsp
/security/succss.jsp
here is code for login.jsp
<form method="POST" action='<%=response.encodeURL("j_security_check")%>' >
<table cellpadding="2" border="0" cellspacing="0">
<tr>
<td align="right">Username:</td>
<td align="left"><input type="text" name="j_username" size="20"></td>
</tr>
<tr>
<td align="right">Password:</td>
<td align="left"><input type="password" name="j_password" size="20"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>I have set the security domain in jboss-web.xml
as
<jboss-web> <security-domain>java:/jaas/MoITWeb</security-domain> </jboss-web>
Where ever i try to run the application, login page appears. I have give user and password, If password is woring I am redirected to error.jsp, but if both user name and password are correct server gives an error
Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
I am trying to solve this issue from last 5 days but unable to find any solution.
