This content has been marked as final.
Show 3 replies
-
1. Re: form based authentication not working under JBoss 4.0.5
wonker Feb 9, 2007 6:19 AM (in response to wonker)Bugger, forgot the confgs, sorry:
*** Login.jsp *** <FORM method="POST" name="j_security_check" action='<%=response.encodeURL("j_security_check") %>'> <input type="text" name="j_username"> <input type="password" name="j_password"> <input type="submit" value="Log In"> </FORM> *** web.xml *** <security-constraint> <web-resource-collection> <web-resource-name>Admin Tool</web-resource-name> <description>The Admin site</description> <url-pattern>/action/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>Admin System</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>ADMIN</realm-name> <form-login-config> <form-login-page>/Login.jsp</form-login-page> <form-error-page>/Login.jsp?error=true</form-error-page> </form-login-config> </login-config> <security-role> <role-name>Admin System</role-name> </security-role> *** jboss-web.xml *** <jboss-web> <context-root>/admin</context-root> <security-domain>java:/jaas/admin-profile</security-domain> </jboss-web> *** login-config.xml *** <application-policy name="admin-profile"> <authentication> <login-module code="foo.bar.jaas.spi.LdapLoginModule" flag="required"> <module-option name="noauth">false</module-option> <module-option name="debug">false</module-option> <module-option name="principalClass">foo.bar.jaas.AdminPrincipal</module-option> </login-module> </authentication> </application-policy>
-
2. Re: form based authentication not working under JBoss 4.0.5
wonker Feb 9, 2007 8:22 AM (in response to wonker)Also worth a mention is that, under 3.2.5 when I request a protected resource JBoss issues a 302 which sends me to the login page with the sessionid etc.
Although under 4.0.2 no 302 is issued. -
3. Re: form based authentication not working under JBoss 4.0.5
wonker Feb 14, 2007 4:30 AM (in response to wonker)The problem was that the FormAuthenticator class under 3.2.5 used a Response.sendRedirect() to get me to my login page, which issues a 302.
Whereas under 4.0.5, the class uses RequestDispatcher.forward() to get me to the login page, which issues no such 302, therefore causing me to have a 404 error on form submission.