File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes BEA/Weblogic and the fly likes WebLogic Form-Based Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "WebLogic Form-Based Authentication Problem" Watch "WebLogic Form-Based Authentication Problem" New topic
Author

WebLogic Form-Based Authentication Problem

Peter Smith
Greenhorn

Joined: Feb 03, 2004
Posts: 5
I am trying to set up Form-Based Authentication on WebLogic8.1
The Problem:
If the user provides correct userid/password, he gets access to the protected resource as required, but if he provides incorrect userid/password, he gets a 403 Forbidden page, instead of getting the login failure page.
The Descriptors:
WEB.XML
___________________________________________________________________________
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
<welcome-file>/protected/index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>My secure resources</web-resource-name>
<description>Resources to be placed under security control.</description>
<url-pattern>/protected/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>guest</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>The role allowed to access our content</description>
<role-name>guest</role-name>
</security-role>
</web-app>
WEBLOGIC.XML
___________________________________________________________________________
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">
<weblogic-web-app>
<security-role-assignment>
<role-name>guest</role-name>
<principal-name>MyUser</principal-name>
</security-role-assignment>
</weblogic-web-app>
___________________________________________________________________________
What am I missing here? Why doesnt it redirect to /LoginError.jsp instead of showing the 403 Forbidden page?
javai girl
Greenhorn

Joined: Jun 14, 2004
Posts: 2
I'm getting the same problem!
Were you able to find the solution???

TIA
[ July 01, 2004: Message edited by: javai girl ]
yogendra babu
Greenhorn

Joined: Jul 01, 2002
Posts: 17
Will the below config in web.xml helps u ???

<error-page>
<error-code>
403
</error-code>
<location>
/jsp/formpages/AccessRestricted.jsp
</location>
</error-page>
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
No, it did not. But I test the security web application come with weblogic8.1 examples, it works fine. I still did not figure out what's the problem.
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
It seems weblogic web server has a very high requirement for error page syntax. I copied fail-login.html from weblogic security webapp sample src folder to my application folder and make it as my login error page. My page works now.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WebLogic Form-Based Authentication Problem