1 Reply Latest reply on May 5, 2004 9:34 PM by nikhilkumar

    Help! Form-based authentication issue

    nikhilkumar Newbie

      I have been trying to implement form-based authentication. The platform is JBOSS 3.2.3 on Windows XP Home edition. I am seeking help -- suggestions, debug recommendations, or, if I have overlooked the obvious!

      1. My expectations:

      I expect that when I access a restricted resource I will be sent to the Login.jsp. If I correctly fill in the UserID and password, I will be routed to the restricted resource. If the login fails, I will be routed to the Error.htm.

      2. What happens:
      I am routed to the Login.jsp (correct) but the login always routes me to the Error.htm page.

      The current setup:

      1. login-conf (located in\jboss\jboss-3.2.3\server\default\conf)


      <!-- A template configuration for the AES ial web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "ial">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      2. The web.xml (located in the WAR location of ial\web\WEB-INF)

      <web-app>

      <!--
      - Deployment descriptor for an authenticated
      - section of the web site.
      -->
      <display-name>ial</display-name>
      "test"
      <welcome-file-list>
      <welcome-file>index.htm</welcome-file>
      </welcome-file-list>
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Declarative security
      <url-pattern>*.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>ial</role-name>
      </auth-constraint>
      <user-data-constraint>
      No descrp
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>

      </security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>ial</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.htm</form-error-page>
      </form-login-config>
      </login-config>
      <security-role>
      <role-name>ial</role-name>
      </security-role>


      </web-app>

      3. The jboss-web.xml (same location as web.xml)
      <jboss-web>

      <context-root>/ial/web-app</context-root>
      <!-- Uncomment this element to add security for the application -->
      <security-domain>java:/jaas/ial</security-domain>

      </jboss-web>
      4. The application.xml located in ial\META-INF

      5. The jboss-app.xmllocated in ial\META-INF
      <jboss-app />
      6. The user.properties and the roles.properties files contents respectively (located in jboss\jboss-3.2.3\server\default\conf)
      # A roles.properties file for use with the UsersRolesLoginModule
      #
      # Format is
      #
      # username=role1,role2,role3
      nikhil=ial
      # users.properties file for use with the UsersRolesLoginModule
      # Format is:
      #
      # username=password
      nikhil=test