Okay, I went through the nightmare of getting examples.security.jaas SAmpleCallbackHandler to work to the point where I can run:
It correctly returns a failed login attempt or a successful login attempt. The web.xml was set up with the following:
However, I am not sure what I need to do with my login.jsp page so that after doing the loginContext.login() it automagically goes back to the page that the security-contraint was set up to send me to the login.jsp page in the first place to log the user in if they are not in the role (i.e., in this case the role is Administrator).
Can somebody explain how this is supposed to work? How will weblogic know that the user is successfully logged in? Is the mere call of loginContext.login() enough? I see there is something called Subject and some mention of RunAs(), which I have no clue what it is. When I tried by the way to just use a parent.history.back() to go back if it sees the return code of the login was 0, it does not seem to leave the login page. Putting a back button with the same code puts me back not at the restricted page I was trying to go to, but back at the page that has the link the user selects to the restricted page.
I really wish there was good examples out on the web. So, eclipse whines that Invalid Security role-name Administrators. I look about and see mention of using weblogic.xml and having something like:
Unfortunatly, when I create this in eclipse under source's WEB-INF, the application will not start up and throws a 404 error. Am I not supposed to create this where I did? Does eclipse have some hidden version of weblogic.xml that I need to modify, or is there something wrong with what I was trying to put in weblogic.xml?