File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes BEA/Weblogic and the fly likes WebLogic Form-Based Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Elasticsearch in Action this week in the Big Data forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "WebLogic Form-Based Authentication Problem" Watch "WebLogic Form-Based Authentication Problem" New topic
Author

WebLogic Form-Based Authentication Problem

Peter Smith
Greenhorn

Joined: Feb 03, 2004
Posts: 5
I am trying to set up Form-Based Authentication on WebLogic8.1
The Problem:
If the user provides correct userid/password, he gets access to the protected resource as required, but if he provides incorrect userid/password, he gets a 403 Forbidden page, instead of getting the login failure page.
The Descriptors:
WEB.XML
___________________________________________________________________________
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
<welcome-file>/protected/index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>My secure resources</web-resource-name>
<description>Resources to be placed under security control.</description>
<url-pattern>/protected/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>guest</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>The role allowed to access our content</description>
<role-name>guest</role-name>
</security-role>
</web-app>
WEBLOGIC.XML
___________________________________________________________________________
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">
<weblogic-web-app>
<security-role-assignment>
<role-name>guest</role-name>
<principal-name>MyUser</principal-name>
</security-role-assignment>
</weblogic-web-app>
___________________________________________________________________________
What am I missing here? Why doesnt it redirect to /LoginError.jsp instead of showing the 403 Forbidden page?
javai girl
Greenhorn

Joined: Jun 14, 2004
Posts: 2
I'm getting the same problem!
Were you able to find the solution???

TIA
[ July 01, 2004: Message edited by: javai girl ]
yogendra babu
Greenhorn

Joined: Jul 01, 2002
Posts: 17
Will the below config in web.xml helps u ???

<error-page>
<error-code>
403
</error-code>
<location>
/jsp/formpages/AccessRestricted.jsp
</location>
</error-page>
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
No, it did not. But I test the security web application come with weblogic8.1 examples, it works fine. I still did not figure out what's the problem.
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
It seems weblogic web server has a very high requirement for error page syntax. I copied fail-login.html from weblogic security webapp sample src folder to my application folder and make it as my login error page. My page works now.
 
Don't get me started about those stupid light bulbs.
 
subject: WebLogic Form-Based Authentication Problem