2 Replies Latest reply on Apr 8, 2003 2:38 PM by Alex Li

    FORM authentication, could not go to the original requested

    Alex Li Newbie

      JBoss 3.0.7RC1, recent sync and build on Windows 2000SP3, running with JBossWeb.

      Set login-config to FORM authentication, after successful login, it does not take me back to the original requested URI. After tracing in the code, found the class org.mortbay.jetty.servlet.FormAuthenticator correctly set the __J_URI, however, after authentication, the session becomes NULL, it has to create a new session.

      Any help? Thank you.

        • 1. Re: FORM authentication, could not go to the original reques
          Alex Li Newbie

          My web.xml

          <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
          "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
          <web-app>
          <display-name>Secure Application</display-name>
          <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          </welcome-file-list>
          <security-constraint>
          <web-resource-collection>
          <web-resource-name>Secure Realm</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
          <role-name>admin</role-name>
          </auth-constraint>
          </security-constraint>
          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Secure Realm</realm-name>
          <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/loginError.html</form-error-page>
          </form-login-config>
          </login-config>
          <security-role>
          Real world admin role
          <role-name>admin</role-name>
          </security-role>
          </web-app>

          • 2. Re: FORM authentication, could not go to the original reques
            Alex Li Newbie

            Sorry, it was my stupid mistake. Session was invalidated somewhere in the code.