0 Replies Latest reply on May 4, 2004 10:45 AM by nikhilkumar

    Help! Form-based authentication

    nikhilkumar Newbie

      I have been trying to implement form-based authentication. The platform is JBOSS 3.2.3 on Windows XP Home edition. I am seeking suggestions, debug recommendations.

      1. My expectations:

      I expect that when I access a restricted resource I will be sent to the Login.jsp. If I correctly fill in the UserID and password, I will be routed to the restricted resource. If the login fails, I will be routed to the Error.htm.

      2. What happens:
      I am routed to the Login.jsp (correct) but the login always routes me to the Error.htm page.

      The current setup:

      1. login-conf (located in\jboss\jboss-3.2.3\server\default\conf)

      <!-- A template configuration for the AES ial web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      <application-policy name = "ial">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />


      2. The web.xml (located in the WAR location of ial\web\WEB-INF)


      - Deployment descriptor for an authenticated
      - section of the web site.
      Declarative security
      No descrp




      3. The jboss-web.xml (same location as web.xml)

      <!-- Uncomment this element to add security for the application -->

      4. The application.xml located in ial\META-INF

      5. The jboss-app.xmllocated in ial\META-INF
      <jboss-app />
      6. The user.properties and the roles.properties files contents respectively (located in jboss\jboss-3.2.3\server\default\conf)
      # A roles.properties file for use with the UsersRolesLoginModule
      # Format is
      # username=role1,role2,role3
      # users.properties file for use with the UsersRolesLoginModule
      # Format is:
      # username=password
      7. The Login.jsp is:

      Password :
      <input type=submit value="Login">