1 Reply Latest reply on Mar 27, 2002 3:01 PM by Luke Taylor

    form based auth

    Andrej Newbie

      Hi, all!
      Please, help me with my form based auth process... I've set up all my files and associated my loginmodule successfully, but when attempting to enter restricted area (/restricted) i have 403 error - access denied. My loginmodule has it's own log wich looks like this:
      [LoginModule] -> initialize()
      [LoginModule] -> login()
      [LoginModule] -> commit()
      And i can see that loginmodule accepted my username/password. So, i would suppose, jboss can't see my roles.properties file, but this file is in WEB-INF/classes/
      And one more question is why when i use wrong username/password combination i do not see error page on my screen???

      =====web.xml

      <?xml version="1.0" encoding="UTF-8"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
      "http://java.sun.com/dtd/web-app_2_3.dtd">

      <web-app>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Secure Content</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>authorized-user</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/failed.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>authorized-user</role-name>
      </security-role>

      </web-app>

      =====web.xml

      =====roles.properties

      ###
      test,authorized-user

      =====roles.properties