2 Replies Latest reply on Apr 25, 2008 3:44 PM by toolsrme

Using JAAS for authentication ignores

toolsrme Apr 24, 2008 8:38 PM

I have the following set up in my components.xml:

<security:identity jaas-config-name="ActiveDirectory" remember-me="true"/>

I also have the following entries in my pages.xml file:

<exception class="org.jboss.seam.security.AuthorizationException">
  <redirect view-id="/Error.xhtml">
    <message>You do not have the necessary security privileges to perform this action.</message>
  </redirect>
</exception>

<exception class="org.jboss.seam.security.NotLoggedInException">
  <redirect view-id="/Login.xhtml">
    <message>You must be logged in to perform this action.</message>
  </redirect>
</exception>

<exception class="javax.faces.application.ViewExpiredException">
  <redirect view-id="/Error.xhtml">
    <message>Your session has timed out, please try again.</message>
  </redirect>
</exception>

<exception>
  <redirect view-id="/Error.xhtml">
    <message>Unexpected error, please try again</message>
  </redirect>
</exception>

I also have an entry in my JBoss 4.2.2 GA servers login-config.xml like the following:

<application-policy name="ActiveDirectory">
  <authentication>
    <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://domain.company.com:389/</module-option>
      <module-option name="uidAttributeID">cn</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      <module-option name="rolesCtxDN">OU=UserOU,DC=DOMAIN,DC=COMPANY,DC=COM</module-option>
      <module-option name="principalDNSuffix">@DOMAIN.COMPANY.COM</module-option>
    </login-module>
  </authentication>
</application-policy>

Authentication works fine and identity is set up correctly regardless if I enter my userid and password correctly or not. (i.e. identity isloggedin is false when I use the wrong id/password and true when I use the correct id/password)

The problem is that if I enter my id and password incorrectly, I never see or get taken to and error page. I just end up going back to my index page. Nothing regarding an authentication error gets logged either.

Have I done something wrong or am I still just missing something?

Thanks,
David

1. Re: Using JAAS for authentication ignores

franciscoacb Apr 25, 2008 3:04 PM (in response to toolsrme)
Hi.

I also use jaas-config-name and also have a

<exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/error.xhtml"> <message>Sem permissão de acesso.</message> </redirect> </exception>

in pages.xml.

But the only way I obtain an error message when I enter username and/or password incorrectly is when I set the org.jboss.seam.loginFailed key with a message, in messages.properties.

HTH.

Francisco Antônio.

The biggest weapon against stress is our ability to choose a thought instead of another one. (WILLIAM JAMES)
Actions
2. Re: Using JAAS for authentication ignores

toolsrme Apr 25, 2008 3:44 PM (in response to toolsrme)

Thanks. I will try that.

So are you saying that having an entry in the messages.properties file allows the redirect to work correctly?

I had cleared that line out in the messages.properties file because I do not like that popping up in my JSF messages tag but wanted it to redirect to another page instead.

Thanks,
David
Actions

Go to original post