Help! Form-based authentication
nikhilkumar May 4, 2004 10:26 AM
I have been trying to implement form-based authentication. The platform is JBOSS 3.2.3 on Windows XP Home edition. I am seeking help! - suggestions, debug recommendations, obvious things missing.
1. My expectations:
I expect that when I access a restricted resource I will be sent to the Login.jsp. If I correctly fill in the UserID and password, I will be routed to the restricted resource. If the login fails, I will be routed to the Error.htm.
2. What happens:
I am routed to the Login.jsp (correct) but the login always routes me to the Error.htm page.
The current setup:
1. login-conf (located in \jboss\jboss-3.2.3\server\default\conf)
<!-- A template configuration for the AES ial web application. This
     defaults to the UsersRolesLoginModule the same as other and should be
     changed to a stronger authentication mechanism as required.
-->
<application-policy name = "ial">
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag = "required" />
</application-policy>
2. The web.xml (located in the WAR location of ial\web\WEB-INF)
<web-app>
    <!--
      - Deployment descriptor for an authenticated
      - section of the web site.
      -->
    <display-name>ial</display-name>
    <description>"test"</description>
    <welcome-file-list>
        <welcome-file>index.htm</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted</web-resource-name>
            <description>Declarative security</description>
            <url-pattern>*.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ial</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>No descrp</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ial</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.htm</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>ial</role-name>
    </security-role>
</web-app>
3. The jboss-web.xml (same location as web.xml)
<jboss-web>
    <context-root>/ial/web-app</context-root>
    <!-- Uncomment this element to add security for the application -->
    <security-domain>java:/jaas/ial</security-domain>
</jboss-web>
4. The application.xml located in ial\META-INF
5. The jboss-app.xml located in ial\META-INF
<jboss-app />
6. The user.properties and the roles.properties files contents respectively (located in jboss\jboss-3.2.3\server\default\conf)
# A roles.properties file for use with the UsersRolesLoginModule
#
# Format is
#
# username=role1,role2,role3
nikhil=ial
# users.properties file for use with the UsersRolesLoginModule
# Format is:
#
# username=password
nikhil=test
7. The HTML code for login.jsp is
User:
Password :
<input type=submit value="Login">
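
An added example, not part of the original post: a small Python check that cross-references a web.xml like the one above with the properties files behind it. It assumes that UsersRolesLoginModule, with no module options set, loads users.properties and roles.properties; the function names and the trimmed sample inputs (file names as written in the post) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the post: a trimmed web.xml, plus the
# properties files under the names the post gives them.
WEB_XML = """<web-app>
 <security-constraint>
  <auth-constraint><role-name>ial</role-name></auth-constraint>
  <user-data-constraint>
   <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
 </security-constraint>
 <login-config><auth-method>FORM</auth-method></login-config>
 <security-role><role-name>ial</role-name></security-role>
</web-app>"""
FILES = {"user.properties": "nikhil=test\n", "roles.properties": "nikhil=ial\n"}

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def texts(root, path):
    return {(e.text or "").strip() for e in root.findall(path)}

def check(web_xml, files):
    """Return findings for a FORM login backed by UsersRolesLoginModule."""
    root = ET.fromstring(web_xml)
    findings = []
    required = texts(root, "security-constraint/auth-constraint/role-name")
    for role in sorted(required - texts(root, "security-role/role-name")):
        findings.append(f"role '{role}' used in auth-constraint but not declared")
    guarantees = texts(root, "security-constraint/user-data-constraint/transport-guarantee")
    if "FORM" in texts(root, "login-config/auth-method") and guarantees <= {"NONE"}:
        findings.append("FORM credentials are posted without a transport guarantee")
    # Assumption: with no module-option set, the module loads these two names.
    missing = [n for n in ("users.properties", "roles.properties") if n not in files]
    findings += [f"{n} not found (module default file name)" for n in missing]
    if not missing:
        users = parse_props(files["users.properties"])
        roles = parse_props(files["roles.properties"])
        if not any(required & set(roles.get(u, "").split(",")) for u in users):
            findings.append("no user with a password holds a required role")
    return findings

if __name__ == "__main__":
    print("\n".join(check(WEB_XML, FILES)))
```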