2 Replies Latest reply on Jul 8, 2006 2:56 PM by shiv b

    Forcing login page

    shiv b Newbie

      I've followed all the instructions on

      http://wiki.jboss.org/wiki/Wiki.jsp?page=ForceLoginPage and http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3897840#3897840

      but it doesn't seem to have any effect... any suggestions? I'm using Jboss Portal 2.4.0 and Jboss 4.0.4 GA
      Thanks...

        • 1. Re: Forcing login page
          shiv b Newbie

          Here's some added details

          I downloaded the zip and unpacked Jboss 2.4.0beta1 and did the same for my Jboss AS. Im using it on Windows XP professional SP1.
          Right now I'm not using a database and am sticking to user/user and admin/admin to log in... so no JDBC Connector either...

          I can bypass the login page by going to a link of another page... for example... by default i am getting a login page for http://localhost:8080/portal but no login for the news page http://localhost:8080/portal/portal/default/News. The badlogin.jsp page pops up correctly when I type in the wrong username and password...
          Any help is appreciated.

          Here's my web.xml file ...

          /*****start*****/
          <?xml version="1.0"?>
          <!DOCTYPE web-app PUBLIC
          "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
          "http://java.sun.com/dtd/web-app_2_3.dtd">
          <web-app>
          IMS Portal
          <!-- Comment/Uncomment to enable portal session replication

          -->

          <!-- The portal servlet is the main entrance point -->

          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
          <init-param>
          <param-name>asDefaultServlet</param-name>
          <param-value>false</param-value>
          The servlet needs to know wether it is set as a default servlet or

          not
          </init-param>
          <init-param>
          <param-name>controllerName</param-name>
          <param-value>portal:controller=Request</param-value>
          The request controller for the portal servlet
          </init-param>
          <load-on-startup>0</load-on-startup>
          <security-role-ref>
          <role-name>Authenticated</role-name>
          <role-link>Authenticated</role-link>
          </security-role-ref>


          <!-- The portal servlet is the main entrance point -->

          <servlet-name>PortalServletWithDefaultServletMapping</servlet-name>
          <servlet-class>org.jboss.portal.server.servlet.PortalServlet</servlet-class>
          <init-param>
          <param-name>asDefaultServlet</param-name>
          <param-value>true</param-value>
          The servlet needs to know wether it is set as a default servlet or

          not
          </init-param>
          <init-param>
          <param-name>controllerName</param-name>
          <param-value>portal:controller=Request</param-value>
          The request controller for the portal servlet
          </init-param>
          <load-on-startup>0</load-on-startup>
          <security-role-ref>
          <role-name>Authenticated</role-name>
          <role-link>Authenticated</role-link>
          </security-role-ref>


          <!-- Provide access to unauthenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/*</url-pattern>
          </servlet-mapping>

          <!-- Provide secure access to unauthenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/sec/*</url-pattern>
          </servlet-mapping>

          <!-- Provide access to authenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/auth/*</url-pattern>
          </servlet-mapping>

          <!-- Provide secure access to authenticated users -->
          <servlet-mapping>
          <servlet-name>PortalServletWithPathMapping</servlet-name>
          <url-pattern>/authsec/*</url-pattern>
          </servlet-mapping>

          <!-- Force the mapping of the index.jsp -->
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/login.jsp</url-pattern>
          </servlet-mapping>
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/error.jsp</url-pattern>
          </servlet-mapping>
          <servlet-mapping>
          <servlet-name>jsp</servlet-name>
          <url-pattern>/badlogin.jsp</url-pattern>
          </servlet-mapping>

          <session-config>
          <session-timeout>15</session-timeout>
          </session-config>

          <!--
          | JDBC usage must be done with
          | DataSource ds = (DataSource)ctx.lookup("java:comp/env/jdbc/PortalDS";
          -->
          <resource-ref>
          <res-ref-name>jdbc/PortalDS</res-ref-name>
          <res-type>javax.sql.DataSource</res-type>
          <res-auth>Container</res-auth>
          <res-sharing-scope>Shareable</res-sharing-scope>
          </resource-ref>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Authenticated</web-resource-name>

          <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
          <role-name>Authenticated</role-name>
          </auth-constraint>
          </security-constraint>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure</web-resource-name>
          <url-pattern>/sec/*</url-pattern>
          </web-resource-collection>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>

          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure+Authenticated</web-resource-name>
          <url-pattern>/authsec/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
          <role-name>Authenticated</role-name>
          </auth-constraint>
          <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
          </security-constraint>

          <!--
          | Uncomment to use BASIC authentication scheme. Don't forget to comment other
          | form authentication.
          -->
          <!--
          <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>IMS Portal</realm-name>
          </login-config>
          -->

          <!--
          | Uncomment to use FORM authentication scheme. Don't forget to comment other
          | form authentication.
          -->
          <!--
          -->
          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>IMS Portal</realm-name>
          <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/badlogin.jsp</form-error-page>
          </form-login-config>
          </login-config>

          <security-role>
          <role-name>Authenticated</role-name>
          </security-role>
          </web-app>

          /****end****/

          • 2. Re: Forcing login page
            shiv b Newbie

            Would the ForceLoginPage in the Jboss Wiki be applicable to Jboss 2.4.0 CR1? If so, has anyone had favorable results?