2 Replies Latest reply on Jul 8, 2006 2:56 PM by kraptor

    Forcing login page

    kraptor

      I've followed all the instructions on

      http://wiki.jboss.org/wiki/Wiki.jsp?page=ForceLoginPage and http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3897840#3897840

      but it doesn't seem to have any effect... any suggestions? I'm using JBoss Portal 2.4.0 and JBoss 4.0.4 GA
      Thanks...

        • 1. Re: Forcing login page
          kraptor

          Here are some added details

          I downloaded the zip and unpacked JBoss 2.4.0beta1 and did the same for my JBoss AS. I'm using it on Windows XP Professional SP1.
          Right now I'm not using a database and am sticking to user/user and admin/admin to log in... so no JDBC Connector either...

          I can bypass the login page by going to a link of another page... for example... by default I am getting a login page for http://localhost:8080/portal but no login for the news page http://localhost:8080/portal/portal/default/News. The badlogin.jsp page pops up correctly when I type in the wrong username and password...
          Any help is appreciated.

          Here's my web.xml file ...

          /*****start*****/
          <?xml version="1.0"?>
          <!DOCTYPE web-app PUBLIC
          "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
          "http://java.sun.com/dtd/web-app_2_3.dtd">
          <web-app>
          <display-name>IMS Portal</display-name>
          <!-- Comment/Uncomment to enable portal session replication

          -->

          <!-- The portal servlet is the main entrance point -->
          <servlet>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
          <init-param>
          <param-name>asDefaultServlet</param-name>
          <param-value>false</param-value>
          <description>The servlet needs to know whether it is set as a default servlet or not</description>
          </init-param>
          <init-param>
          <param-name>controllerName</param-name>
          <param-value>portal:controller=Request</param-value>
          <description>The request controller for the portal servlet</description>
          </init-param>
          <load-on-startup>0</load-on-startup>
          <security-role-ref>
          <role-name>Authenticated</role-name>
          <role-link>Authenticated</role-link>
          </security-role-ref>
          </servlet>


          <!-- The portal servlet is the main entrance point -->
          <servlet>
          <servlet-name>PortalServletWithDefaultServletMapping</servlet-name>
          <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
          <init-param>
          <param-name>asDefaultServlet</param-name>
          <param-value>true</param-value>
          <description>The servlet needs to know whether it is set as a default servlet or not</description>
          </init-param>
          <init-param>
          <param-name>controllerName</param-name>
          <param-value>portal:controller=Request</param-value>
          <description>The request controller for the portal servlet</description>
          </init-param>
          <load-on-startup>0</load-on-startup>
          <security-role-ref>
          <role-name>Authenticated</role-name>
          <role-link>Authenticated</role-link>
          </security-role-ref>
          </servlet>


          <!-- Provide access to unauthenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/*</url-pattern>
          </servlet-mapping>

          <!-- Provide secure access to unauthenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/sec/*</url-pattern>
          </servlet-mapping>

          <!-- Provide access to authenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/auth/*</url-pattern>
          </servlet-mapping>

          <!-- Provide secure access to authenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/authsec/*</url-pattern>
          </servlet-mapping>

          <!-- Force the mapping of the index.jsp -->
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/login.jsp</url-pattern>
          </servlet-mapping>
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/error.jsp</url-pattern>
          </servlet-mapping>
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/badlogin.jsp</url-pattern>
          </servlet-mapping>

          <session-config>
          <session-timeout>15</session-timeout>
          </session-config>

          <!--
          | JDBC usage must be done with
          | DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/PortalDS");
          -->
          <resource-ref>
          <res-ref-name>jdbc/PortalDS</res-ref-name>
          <res-type>javax.sql.DataSource</res-type>
          <res-auth>Container</res-auth>
          <res-sharing-scope>Shareable</res-sharing-scope>
          </resource-ref>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Authenticated</web-resource-name>

          <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
          <role-name>Authenticated</role-name>
          </auth-constraint>
          </security-constraint>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure</web-resource-name>
          <url-pattern>/sec/*</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure+Authenticated</web-resource-name>
          <url-pattern>/authsec/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
          <role-name>Authenticated</role-name>
          </auth-constraint>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>

          <!--
          | Uncomment to use BASIC authentication scheme. Don't forget to comment other
          | form authentication.
          -->
          <!--
          <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>IMS Portal</realm-name>
          </login-config>
          -->

          <!--
          | Uncomment to use FORM authentication scheme. Don't forget to comment other
          | form authentication.
          -->
          <!--
          -->
          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>IMS Portal</realm-name>
          <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/badlogin.jsp</form-error-page>
          </form-login-config>
          </login-config>

          <security-role>
          <role-name>Authenticated</role-name>
          </security-role>
          </web-app>

          /****end****/
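
Added example, not part of the original post and not JBoss Portal code: a Python check that resolves which `<security-constraint>` applies to a request path in the descriptor above. It assumes the container selects constraints by the Servlet 2.4 best-match rule (exact, then longest path prefix, then extension), ignores `<http-method>`, and uses hypothetical function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the three <security-constraint> elements of the posted web.xml, condensed.
WEB_XML = """<web-app>
<security-constraint><web-resource-collection>
  <web-resource-name>Authenticated</web-resource-name><url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint><role-name>Authenticated</role-name></auth-constraint></security-constraint>
<security-constraint><web-resource-collection>
  <web-resource-name>Secure</web-resource-name><url-pattern>/sec/*</url-pattern>
</web-resource-collection><user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint>
<security-constraint><web-resource-collection>
  <web-resource-name>Secure+Authenticated</web-resource-name><url-pattern>/authsec/*</url-pattern>
</web-resource-collection>
<auth-constraint><role-name>Authenticated</role-name></auth-constraint><user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint>
</web-app>"""

def rank(pattern, path):
    """Match strength of a url-pattern for path: exact > longest prefix > extension > default."""
    if pattern == path:
        return (3, 0)
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None

def required_roles(web_xml, path):
    """Roles needed for path (relative to the context root); None means no login is forced."""
    best, hits = None, []
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        ranks = [r for p in sc.iter("url-pattern") if (r := rank(p.text.strip(), path))]
        if ranks and (best is None or max(ranks) >= best):
            hits = hits + [sc] if max(ranks) == best else [sc]
            best = max(ranks)
    auths = [sc.find("auth-constraint") for sc in hits]
    if not hits or any(a is None for a in auths):
        return None  # best-matching pattern carries no auth-constraint: path stays open
    if any(a.find("role-name") is None for a in auths):
        return []  # an auth-constraint naming no roles denies everyone
    return sorted({r.text.strip() for a in auths for r in a.iter("role-name")})

if __name__ == "__main__":
    for p in ("/portal/default/News", "/auth/portal/default", "/sec/portal/default"):
        print(p, "->", required_roles(WEB_XML, p))
```

Paths are relative to the context root, so with the application deployed at `/portal` the News URL from the post is checked as `/portal/default/News`. Under the assumed rule it resolves to the `/*` constraint, while anything under `/sec/` resolves to a constraint that has no `<auth-constraint>`.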

          • 2. Re: Forcing login page
            kraptor

            Would the ForceLoginPage in the JBoss Wiki be applicable to JBoss 2.4.0 CR1? If so, has anyone had favorable results?