Using JAAS for authentication ignores
toolsrme Apr 24, 2008 8:38 PMI have the following set up in my components.xml:
<security:identity jaas-config-name="ActiveDirectory" remember-me="true"/>
I also have the following entries in my pages.xml file:
<exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/Error.xhtml"> <message>You do not have the necessary security privileges to perform this action.</message> </redirect> </exception> <exception class="org.jboss.seam.security.NotLoggedInException"> <redirect view-id="/Login.xhtml"> <message>You must be logged in to perform this action.</message> </redirect> </exception> <exception class="javax.faces.application.ViewExpiredException"> <redirect view-id="/Error.xhtml"> <message>Your session has timed out, please try again.</message> </redirect> </exception> <exception> <redirect view-id="/Error.xhtml"> <message>Unexpected error, please try again</message> </redirect> </exception>
I also have an entry in my JBoss 4.2.2 GA servers login-config.xml like the following:
<application-policy name="ActiveDirectory"> <authentication> <login-module code="org.jboss.security.ClientLoginModule" flag="required"/> <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"> <module-option name="java.naming.provider.url">ldap://domain.company.com:389/</module-option> <module-option name="uidAttributeID">cn</module-option> <module-option name="roleAttributeID">memberOf</module-option> <module-option name="roleAttributeIsDN">true</module-option> <module-option name="roleNameAttributeID">name</module-option> <module-option name="rolesCtxDN">OU=UserOU,DC=DOMAIN,DC=COMPANY,DC=COM</module-option> <module-option name="principalDNSuffix">@DOMAIN.COMPANY.COM</module-option> </login-module> </authentication> </application-policy>
Authentication works fine and identity is set up correctly regardless if I enter my userid and password correctly or not. (i.e. identity isloggedin is false when I use the wrong id/password and true when I use the correct id/password)
The problem is that if I enter my id and password incorrectly, I never see or get taken to and error page. I just end up going back to my index page. Nothing regarding an authentication error gets logged either.
Have I done something wrong or am I still just missing something?
Thanks,
David