2 Replies Latest reply on Oct 26, 2007 3:36 PM by mk dddd

    Http status error 404: you requested resources are not avail

    mk dddd Newbie

      I created a customized login module and placed in the login-config.xml in jboss:
      <application-policy name="CustomizedLogin">
      -
      <login-module code="com.xyz.net.CustomizedLoginModule" flag="required" />

      </application-policy>


      here is the jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>java:/jaas/CustomizedLogin></security-domain>


      </jboss-web>


      here is the web.xml part


      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Login Test</web-resource-name>
      <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>admin</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Test Application</realm-name>

      <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/login.html?failed=true</form-error-page>
      </form-login-config>
      </login-config>
      <security-role>
      <role-name>admin</role-name>
      </security-role>


      here is the login.html

      !DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


      <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
      login test


      <h2> Login</h2>
      <FORM METHOD=POST ACTION="j_security_check">

      Enter user ID and password:

      User ID
      Password


      And then click this button:








      did I do something wrong, do I need to specify the j
      _security_check in the web.xml, thanks for ur help

        • 1. Re: Http status error 404: you requested resources are not a
          Anil Saldanha Master

          You should not access the login page directly but try accessing any web resource. The container internally will redirect to the login page and after authentication/authorization, will get u the resource u sought.

          • 2. Re: Http status error 404: you requested resources are not a
            mk dddd Newbie

            Thanks for your reply,

            Can you tell me how I can have the container invoke the customized login module? you can see all my config files in the previous thread.

            Does the container invoke a hidden servlet to handle the j_security_check action from the form?

            where i should place the customized login module? under \jboss_home\server\default\deploy?

            how many places need to be configured? jboss-web.xml, web.xml,login-config.xml, anywhere else?




            <?xml version="1.0"?>
            <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

            <web-app>
            <welcome-file-list>
            <welcome-file>index.html</welcome-file>
            </welcome-file-list>


            <security-constraint>
            <web-resource-collection>
            <web-resource-name>SecurePages</web-resource-name>
            Security constraint for resources in the secure directory
            <url-pattern>/secure/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
            </web-resource-collection>

            <auth-constraint>
            only let the system user login
            <role-name>admin</role-name>
            </auth-constraint>

            <user-data-constraint>
            SSL not required
            <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
            </security-constraint>


            <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/LoginError.html</form-error-page>
            </form-login-config>
            </login-config>


            <security-role>
            The Secure ROLE
            <role-name>admin</role-name>
            </security-role>
            </web-app>