0 Replies Latest reply on Apr 18, 2003 12:08 PM by Terry

    setting up form based authentication

    Terry Newbie

      I looked through the web and found out how to setup form based authentication, it took a little trying, so I thought I would post my results in how I setup form based authentication.

      in the login-config.xml I left basically the same, used the default "other" setting which was at the bottom of the login-config.xml file.

      /home/terry/jboss-3.0.6/server/default/conf/login-config.xml
      <application-policy name = "other">


      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />
      <module-option name="unauthenticated-identity">who</module-option>

      </application-policy>

      I used the jboss-web.xml to look at the configuration of "other" in login-config.xml

      jboss-web.xml
      <jboss-web>
      <security-domain>java:/jaas/other</security-domain>
      </jboss-web>

      made a text file to hold my users, passwords and roles, users.properties and roles.properties.

      /home/terry/jboss-3.0.6/server/default/conf/users.properties
      some=user

      /home/terry/jboss-3.0.6/server/default/conf/roles.properties
      some=role1

      then in my web.xml file I declared my <security-constraint> and my <login-config>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/secure</url-pattern>

      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>

      <auth-constraint>
      <role-name>role1</role-name>
      </auth-constraint>
      </security-constraint>


      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/failed_login.html</form-error-page>
      </form-login-config>
      </login-config>

      I then setup my /login.html page




      Username



      Password









      and that did it. I hope this helps.

      -Piter