2 Replies Latest reply on Apr 25, 2008 3:44 PM by David Reed

    Using JAAS for authentication ignores

    David Reed Newbie

      I have the following set up in my components.xml:


      <security:identity jaas-config-name="ActiveDirectory" remember-me="true"/>



      I also have the following entries in my pages.xml file:


      <exception class="org.jboss.seam.security.AuthorizationException">
        <redirect view-id="/Error.xhtml">
          <message>You do not have the necessary security privileges to perform this action.</message>
        </redirect>
      </exception>
      
      <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/Login.xhtml">
          <message>You must be logged in to perform this action.</message>
        </redirect>
      </exception>
      
      <exception class="javax.faces.application.ViewExpiredException">
        <redirect view-id="/Error.xhtml">
          <message>Your session has timed out, please try again.</message>
        </redirect>
      </exception>
      
      <exception>
        <redirect view-id="/Error.xhtml">
          <message>Unexpected error, please try again</message>
        </redirect>
      </exception>



      I also have an entry in my JBoss 4.2.2 GA servers login-config.xml like the following:



      <application-policy name="ActiveDirectory">
        <authentication>
          <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://domain.company.com:389/</module-option>
            <module-option name="uidAttributeID">cn</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">name</module-option>
            <module-option name="rolesCtxDN">OU=UserOU,DC=DOMAIN,DC=COMPANY,DC=COM</module-option>
            <module-option name="principalDNSuffix">@DOMAIN.COMPANY.COM</module-option>
          </login-module>
        </authentication>
      </application-policy>



      Authentication works fine and identity is set up correctly regardless if I enter my userid and password correctly or not.  (i.e. identity isloggedin is false when I use the wrong id/password and true when I use the correct id/password)


      The problem is that if I enter my id and password incorrectly, I never see or get taken to and error page.  I just end up going back to my index page.  Nothing regarding an authentication error gets logged either.


      Have I done something wrong or am I still just missing something?


      Thanks,
      David


        • 1. Re: Using JAAS for authentication ignores
          Francisco Antônio Newbie

          Hi.


          I also use jaas-config-name and also have a



              <exception class="org.jboss.seam.security.AuthorizationException">
                  <redirect view-id="/error.xhtml">
                      <message>Sem permissão de acesso.</message>
                  </redirect>
              </exception>



          in pages.xml.


          But the only way I obtain an error message when I enter username and/or password incorrectly is when I set the org.jboss.seam.loginFailed key with a message, in messages.properties.


          HTH.


          Francisco Antônio.


          The biggest weapon against stress is our ability to choose a thought instead of another one. (WILLIAM JAMES)

          • 2. Re: Using JAAS for authentication ignores
            David Reed Newbie

            Thanks.  I will try that.


            So are you saying that having an entry in the messages.properties file allows the redirect to work correctly?


            I had cleared that line out in the messages.properties file because I do not like that popping up in my JSF messages tag but wanted it to redirect to another page instead.


            Thanks,
            David