2 Replies Latest reply on Aug 20, 2008 1:05 PM by Ragav Gomatam

    LDAP is giving error : Invalid direct reference to form logi

    hamood islam Newbie

      I am trying to develop a sample application and authenticating it using Apache LDAP Server. Here are my enteries for login-config.xml file

      <application-policy name="MoITWeb">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
       <module-option name="java.naming.factory.initial">
       com.sun.jndi.ldap.LdapCtxFactory
       </module-option>
       <module-option name="java.naming.provider.url">
       ldap://localhost:10389/
       </module-option>
       <module-option name="java.naming.security.authentication">
       simple
       </module-option>
       <module-option name="java.naming.security.credentials">
       clear-text password
       </module-option>
       <module-option name="principalDNPrefix">uid=</module-option>
       <module-option name="principalDNSuffix">
       ,ou=People,dc=example,dc=com
       </module-option>
       <module-option name="rolesCtxDN">
       ou=Roles,dc=example,dc=com
       </module-option>
       <module-option name="uidAttributeID">member</module-option>
       <module-option name="matchOnUserDN">true</module-option>
       <module-option name="roleAttributeID">cn</module-option>
       <module-option name="roleAttributeIsDN">false</module-option>
       <module-option name="searchTimeLimit">5000</module-option>
       <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
       </login-module>
       </authentication>
       </application-policy>


      My web.xml file is this

      <web-app>
       <welcome-file-list>
       <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
       <display-name>ValidUser</display-name>
       <web-resource-collection>
       <web-resource-name>Resources</web-resource-name>
       <url-pattern>/security/success.jsp</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <description>ValidUser</description>
       <!--<role-name>ValidUser</role-name>-->
       <role-name>JBossAdmin</role-name>
       </auth-constraint>
       </security-constraint>
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>Setup(admin) Section</web-resource-name>
       <description>For all authorized user</description>
       <url-pattern>/security/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <description>
       Allow access for both default and enterprise users
       </description>
       <role-name>JBossAdmin</role-name>
       </auth-constraint>
       </security-constraint>
       <security-role>
       <description>ValidUser</description>
       <role-name>JBossAdmin</role-name>
       </security-role>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>MoITWeb</realm-name>
       <form-login-config>
       <form-login-page>/security/login.jsp</form-login-page>
       <form-error-page>/security/error.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
      </web-app>
      here are my pages
      index.jsp
      /security/login.jsp
      /security/error.jsp
      /security/succss.jsp

      here is code for login.jsp
      <form method="POST" action='<%=response.encodeURL("j_security_check")%>' >
       <table cellpadding="2" border="0" cellspacing="0">
       <tr>
       <td align="right">Username:</td>
       <td align="left"><input type="text" name="j_username" size="20"></td>
       </tr>
       <tr>
       <td align="right">Password:</td>
       <td align="left"><input type="password" name="j_password" size="20"></td>
       </tr>
       <tr>
       <td align="right"><input type="submit" value="Log In"></td>
       <td align="left"><input type="reset"></td>
       </tr>
       </table>
      </form>


      I have set the security domain in jboss-web.xml
      as
      <jboss-web>
       <security-domain>java:/jaas/MoITWeb</security-domain>
      </jboss-web>

      Where ever i try to run the application, login page appears. I have give user and password, If password is woring I am redirected to error.jsp, but if both user name and password are correct server gives an error
      Invalid direct reference to form login page
      The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

      I am trying to solve this issue from last 5 days but unable to find any solution.