Hello,
can someone help me to understand the authentication mechanism?
I've deployed a custom portal and now I wish to add a login feature using the same authentication method of the UserPortlet but without using it (because I don't want "guests" registers their own accounts).
I wrote a login.jsp and a loginfailure.jsp and I added the following lines to my web.xml:
<resource-ref> <res-ref-name>jdbc/PortalDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> <security-constraint> <web-resource-collection> <web-resource-name>Authenticated</web-resource-name> <description/> <url-pattern>/auth/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>Authenticated</role-name> </auth-constraint> </security-constraint> <security-role> <description/> <role-name>Authenticated</role-name> </security-role> <login-config> <auth-method>FORM</auth-method> <realm-name>JBoss Portal</realm-name> <form-login-config> <form-login-page>/jsp/login.jsp</form-login-page> <form-error-page>/jsp/loginfailed.jsp</form-error-page> </form-login-config> </login-config>
I'm using the default login/error pages with this URL
http://localhost:8080/auth/portal/portal/mycustomportal/