3 Replies Latest reply on Feb 14, 2007 4:30 AM by Niraj Patel

    form based authentication not working under JBoss 4.0.5 but

    Niraj Patel Newbie

      I am having trouble with JAAS and JBoss under JBoss 4.0.5 (does work in 3.2.5).

      When I try to access a protected resource, I should and do get redirected to the login page (j_security_check enabled), but logging in gives me a 404:

      http://host/admin/action/Home ->
      http://host/admin/Login.jsp ->
      http://host/j_security_check;jsessionid=1 (404)

      With JBoss 3.2.5 when I try and access the protected resource I get sent to the login page, but it has a session id appended to it and it works fine (I get sent to the resource):
      http://host/admin/action/Home ->
      http://host/admin/Login.jsp;jsessionid=2 ->

      The interesting thing is, when I handcraft the login URL for 4.0.5 to be like the 3.2.5 one, it works:
      http://host/admin/action/Home ->
      http://host/admin/Login.jsp ->
      http://host/j_security_check;jsessionid=3 (404)
      http://host/admin/Login.jsp;jsessionid=3 (I know the sessionId so I can construct the URL) ->

      I have checked the forum posts and can't see anything of note. I have added my config below but it works in a way as when I handcraft the url, it works fine.

      Anyone have any idea? Cheers in advance.

        • 1. Re: form based authentication not working under JBoss 4.0.5
          Niraj Patel Newbie

          Bugger, forgot the configs, sorry:

          *** Login.jsp ***
          <FORM method="POST" name="j_security_check" action='<%=response.encodeURL("j_security_check") %>'>
           <input type="text" name="j_username">
           <input type="password" name="j_password">
           <input type="submit" value="Log In">
          </FORM>
          *** web.xml ***
           <web-resource-name>Admin Tool</web-resource-name>
           <description>The Admin site</description>
           <role-name>Admin System</role-name>
           <role-name>Admin System</role-name>
          *** jboss-web.xml ***
          *** login-config.xml ***
          <application-policy name="admin-profile">
           <login-module code="foo.bar.jaas.spi.LdapLoginModule" flag="required">
           <module-option name="noauth">false</module-option>
           <module-option name="debug">false</module-option>
           <module-option name="principalClass">foo.bar.jaas.AdminPrincipal</module-option>

          • 2. Re: form based authentication not working under JBoss 4.0.5
            Niraj Patel Newbie

            Also worth a mention is that, under 3.2.5 when I request a protected resource JBoss issues a 302 which sends me to the login page with the sessionid etc.

            Although under 4.0.2 no 302 is issued.

            • 3. Re: form based authentication not working under JBoss 4.0.5
              Niraj Patel Newbie

              The problem was that the FormAuthenticator class under 3.2.5 used a Response.sendRedirect() to get me to my login page, which issues a 302.

              Whereas under 4.0.5, the class uses RequestDispatcher.forward() to get me to the login page, which issues no such 302, therefore causing me to have a 404 error on form submission.
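
The redirect-versus-forward difference described in the last reply, as an added example that is not part of the original posts: it resolves the login form's action the way a browser would, once against the login page URL (after a 302) and once against the originally requested URL (after a forward). It assumes the 404 comes from the relative `j_security_check` action being resolved against the address the browser still shows; the context path, host, requested URLs and session id are constructed sample values.

```javascript
// Added illustration (not from the thread): how a browser resolves the login
// form's relative action after a redirect versus after a server-side forward.
// Host, paths and session id below are constructed sample values.

const CONTEXT_PATH = "/admin";                    // assumed web-app context path
const LOGIN_PAGE = "http://host/admin/Login.jsp"; // login page as in the thread
const EXPECTED = CONTEXT_PATH + "/j_security_check";

// URL shown in the browser's address bar when the login form is rendered.
function visibleUrl(mode, requestedUrl) {
  // redirect: the 302 makes the browser load the login page URL itself.
  // forward: the container renders Login.jsp internally; the address stays put.
  return mode === "redirect" ? LOGIN_PAGE : requestedUrl;
}

// Path the browser will POST the credentials to.
function postPath(mode, requestedUrl, formAction) {
  const target = new URL(formAction, visibleUrl(mode, requestedUrl));
  // Drop the ";jsessionid=..." path parameter added by URL rewriting.
  return target.pathname.split(";")[0];
}

function reachesLoginEndpoint(mode, requestedUrl, formAction) {
  return postPath(mode, requestedUrl, formAction) === EXPECTED;
}

// Compare a relative action with a context-absolute one for every combination.
function report() {
  const actions = ["j_security_check;jsessionid=1", EXPECTED];
  const requested = ["http://host/admin", "http://host/admin/action/Home"];
  const rows = [];
  for (const action of actions)
    for (const url of requested)
      for (const mode of ["redirect", "forward"])
        rows.push({ action, url, mode, post: postPath(mode, url, action),
                    ok: reachesLoginEndpoint(mode, url, action) });
  return rows;
}

console.table(report());
```

Only the relative action combined with a forward misses the login endpoint; an action that starts with the context path (in a JSP, one built from `request.getContextPath()`) resolves to the same place in both modes.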