wood burning stoves 2.0*
The moose likes BEA/Weblogic and the fly likes WebLogic Form-Based Authentication Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "WebLogic Form-Based Authentication Problem" Watch "WebLogic Form-Based Authentication Problem" New topic
Author

WebLogic Form-Based Authentication Problem

Peter Smith
Greenhorn

Joined: Feb 03, 2004
Posts: 5
I am trying to set up Form-Based Authentication on WebLogic8.1
The Problem:
If the user provides correct userid/password, he gets access to the protected resource as required, but if he provides incorrect userid/password, he gets a 403 Forbidden page, instead of getting the login failure page.
The Descriptors:
WEB.XML
___________________________________________________________________________
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<welcome-file-list>
<welcome-file>/protected/index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>My secure resources</web-resource-name>
<description>Resources to be placed under security control.</description>
<url-pattern>/protected/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>guest</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>The role allowed to access our content</description>
<role-name>guest</role-name>
</security-role>
</web-app>
WEBLOGIC.XML
___________________________________________________________________________
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">
<weblogic-web-app>
<security-role-assignment>
<role-name>guest</role-name>
<principal-name>MyUser</principal-name>
</security-role-assignment>
</weblogic-web-app>
___________________________________________________________________________
What am I missing here? Why doesnt it redirect to /LoginError.jsp instead of showing the 403 Forbidden page?
javai girl
Greenhorn

Joined: Jun 14, 2004
Posts: 2
I'm getting the same problem!
Were you able to find the solution???

TIA
[ July 01, 2004: Message edited by: javai girl ]
yogendra babu
Greenhorn

Joined: Jul 01, 2002
Posts: 17
Will the below config in web.xml helps u ???

<error-page>
<error-code>
403
</error-code>
<location>
/jsp/formpages/AccessRestricted.jsp
</location>
</error-page>
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
No, it did not. But I test the security web application come with weblogic8.1 examples, it works fine. I still did not figure out what's the problem.
sharon Developer
Greenhorn

Joined: Jul 14, 2005
Posts: 3
It seems weblogic web server has a very high requirement for error page syntax. I copied fail-login.html from weblogic security webapp sample src folder to my application folder and make it as my login error page. My page works now.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WebLogic Form-Based Authentication Problem
 
Similar Threads
How to secure my page
form based login with LDAP
Having serious trouble configuring Authorization
WebLogic Form Based Authentication
ties form base authentication with database (weblogic 8.1)