This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes Jboss ldap Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Jboss ldap" Watch "Jboss ldap" New topic
Author

Jboss ldap

MK Shikarpuri
Greenhorn

Joined: Jan 21, 2004
Posts: 9
Hello,
I am using LdapLoginModule and form authentication to authenticate the user to my applicaiton. If the user is not authenticated, I go the the error page but if the user is authenticated successfully, how do I force the user to go to a specified JSP.
I am using j_security_check and Struts framework.
Thanks,
MK Shikarpuri
Greenhorn

Joined: Jan 21, 2004
Posts: 9
I got it to work. Let me know if someone needs to look at the code. I would be more than happy to share it.
Dave Teare
Ranch Hand

Joined: Oct 09, 2002
Posts: 80
Interesting - I had thought about this too.
Since you are using form-based login, the container pops up the login page only when a protected resource is accessed (i.e. it is a reactive model); the container is then in charge of redirecting you to the original page once you successfully login.
I personally have problems with this reactive model, and am currently trying to work around it; there must be a more flexible solution (else I'll write one ).
I am curious what solution you found? Thanks for sharing!!
--Dave.
MK Shikarpuri
Greenhorn

Joined: Jan 21, 2004
Posts: 9
Dave,
My problem was in the web.xml
So your welcome file should be the MAIN PAGE and form-login should point to LOGIN PAGE. If successfully logged in, it will take you to the MAIN page. In my case my debug level wasn't high enough and the application was actually failing during authentication and hence I could never go to the MAIN page.
Here's an snap of my web.xml
...
<welcome-file-list>
<welcome-file>main.jsp</welcome-file>
</welcome-file-list>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Myapp</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.do</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>student</role-name>
<role-name>professor</role-name>
</auth-constraint>
</security-constraint>
...
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
...
<security-role>
<description>Student role</description>
<role-name>student</role-name>
</security-role>
<security-role>
<description>Professor role</description>
<role-name>professor</role-name>
</security-role>
 
Consider Paul's rocket mass heater.
 
subject: Jboss ldap
 
Similar Threads
Websphere SSO
User List in Container Managed Security
get User details
Session in Servlets.....Interesting
j_security_check 'next' page?