2 Replies Latest reply on May 22, 2009 9:44 AM by abickford4523

form-error-page not working

abickford4523 May 21, 2009 3:41 PM

Hello,

I've created a custom login module that implements javax.security.auth.spi.LoginModule. My login module works great when the user provides valid credentials, but when the user does not provide valid credentials the are bounced to a standard 403 error page, not the error page I've specified in web.xml. The relevant section of my web.xml looks like this:

<login-config>
 <auth-method>FORM</auth-method>
 <form-login-config>
 <form-login-page>/login.jsp</form-login-page>
 <form-error-page>/loginError.jsp</form-error-page>
 </form-login-config>
</login-config>

Any idea why my form-error-page is not being honored? Also, I tried enabling extra logging per item #4 in the SecurityFAQ but I didn't see any extra logging printed out anywhere. I'm using JBossAS-5.0.1.

1. Re: form-error-page not working

grigoresculiviu May 22, 2009 3:52 AM (in response to abickford4523)

Check here for a sample that does exactly what you need.
You can download sources and check for differences with your app.
Actions
2. Re: form-error-page not working

abickford4523 May 22, 2009 9:44 AM (in response to abickford4523)

Cool, thanks. I'll check it out. I think I might have figured out my problem though. If the user authentication failed in the login() method, I was returning false, but I wasn't throwing a new LoginException which is apparently what triggers abort() being called and the appropriate actions being taken to redirect the user to the form-error-page. It's still not clear to me if this is the correct course of action since it's not clear in the specs, but it seems to work.
Actions

Go to original post