1 Reply Latest reply on Jun 21, 2006 11:17 AM by Andy W. Clements

    LDAP/JBOSS/JAAS

    Carlos Evangelista Newbie

      I looked for in this forum for the following message:
      Http Status 400 : Invalid direct reference to form login page

      I found some reply, but I did not obtain to decide my problem.
      Where I can find a skill simple to implement a security in my application being used struts and JAAS. It follows below some definitions made in my application:

      login-config:
      <application-policy name="siwcc">

      <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
      <login-module code="siwcc.util.MyLdapLoginModule"
      flag="required"></login-module>

      </application-policy>

      web.xml

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>siwcc</realm-name>
      <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
      <form-error-page>/jsp/loginInvalido.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>AdminPages</web-resource-name>
      Administrator-only pages
      <url-pattern>/sistema/jsp/inicio.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>WCC0001</role-name>
      <role-name>WCC0002</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>


      jboss-web.xml
      <jboss-web>
      <context-root>siwcc</context-root>
      <security-domain>java:/jaas/siwcc</security-domain>
      </jboss-web>

      login.jsp

      <input type="text" name="j_username"
      <input type="text" name="j_password"

      jboss/server/default/conf/auth.conf
      siwcc {
      required;
      org.jboss.security.ClientLoginModule required;
      };

        • 1. Re: LDAP/JBOSS/JAAS
          Andy W. Clements Newbie

          I'm no expert, but I throw a couple of ideas your way since no one has repsonded yet.

          Usually one needs some module-options with the LDAP login-module (url, principalDNPrefix, etc.), but I don't see any of that in your login-config.xml file. I'm not familiar with the siwcc.util.MyLdapLoginModule but it seems you are missing some attributes. Also, is there a reason you are using your own LDAP login module instead of the org.jboss.security.auth.spi.LdapLoginModule one?

          Are you getting any errors in the logs? Try adding the following to the log4j.xml file and see what is coming up in your server.log file

          <category name="org.jboss.security">
           <priority value="TRACE" class="org.jboss.logging.XLevel"/>
          </category>
          <category name="org.jboss.web.tomcat.security">
           <priority value="TRACE" class="org.jboss.logging.XLevel"/>
          </category>
          <category name="org.apache.catalina">
           <priority value="DEBUG"/>
          </category>
          

          This can also be found on point 4 of the security FAQ at the beginning of the forum.

          Let me know what you come up with.

          --Andy