• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Form based authentication with glassfish5 failed

 
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
i'm trying to code a login page in a JEE application on netbeans. So I create: login.jsp, login_error.jsp and admin/admin.jsp pages.

**login.jsp**

       

**login_error.jsp**


 
I made the necessary configurations in the deployment file **web.xml**

   
and also, in **glassfish-web.xml**


In the admin console (relative to glassfish5), i create a new user in security->realms->file with the name="admin", password="0000" and user group="appadmin".
The problem is, when I'm trying to test the application, I keep having the error page every time I enter a correct username/password or a wrong username/password.
Can anybody help me to solve this problem please?
thanks
 
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Sirine!

How are you testing? Are you trying to navigate to the login page using a URL like "http://myserver/myapp/login.jsp"? Because that does not work. The only time the login form works properly is if the container (Glassfish) security system detects an attempt to invoked a secured URL. For example, "http://myserver/myapp/admin/users.jsp". If you attempt to navigate to the login page directly, the security environment hasn't been set up by the server.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim for helping me.

In fact, I'm trying to attend the admin welcome file, it is located under admin folder (WEB-INF/admin/admin.jsp) and, when running the application, I got this url
http://localhost:8080/AuthencateApp/admin/admin.jsp
with the login form.
After submitting the correct login/password I got the error page with this url
http://localhost:8080/AuthencateApp/admin/j_security_check
I tested so many times different users with group-name = "appadmin" by creating them in realms/file, but always I'm having the same error.

Is there any way to know the cause of this problem?
Thanks
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The URL http://localhost:8080/AuthencateApp/admin/admin.jsp does not reference the resource at /WEB-INF/admin/admin.jsp. It references the resource at /admin/admin.jsp. So there may be a "404" error there. You didn't indicate what error code your "error page" listed.

In any eveny, remote users cannot use URLs with /WEB-INF in them. All resources under /WEB-INF are hidden from remote URL access. This is a security feature designed to keep attackers from being able to snoop the code, config files, and so forth.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry! I was wrong!
The admin.jsp file was under admin folder in web pages folder

There is no 404 error
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What does the "error page" look like, then? Also, have you checked the server logs?
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Holloway wrote:What does the "error page" look like, then? Also, have you checked the server logs?


I'm redirected to the error page that I created (it is named login_error.jsp)

And for logs, the log folder is empty ! o_O'
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ah! That's not an "error", it's the loginfail page. The loginfail page is displayed when a user attempts to log in, and fails. The server displays this page to allow retrying the login, and functionally, it's just the same as the login page itself.

A Loginfail occurs when the userid/password from the login page form do not match valid credentials according to the Realm that's handling the login. So either your Realm is not configured properly or you aren't typing in a valid login.

Please note that in Java BOTH the userid AND password are case-sensitive.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, this is exactly what I mean it.
Now, for the username/password I tried more than one, and I tested it with the correct ones, and always I'm redirected to my error page. (As I said before, I created  in the Security-> realms-> files in the admin console a user ; id=admin, password=0000, group-list=appadmin. When testing, I entreded admin and 0000 but I got the error)
Is there any way to know the origin of this failure?
I tried with glassfish 4.1.1 and glassfish 5 but I got the same problem.
 
Tim Holloway
Saloon Keeper
Posts: 28319
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's really only 2 things that I can think of in that case.

One is that the userid/password don't really match what's in the credentials. If not because of wrong upper/lower case, then probably because there are spaces where there should not be, so the credentials "look" OK, but don't match on a strict String comparison. Or there's an issue where you're encrypting the password and didn't define the Realm with encryption (or the reverse).

The other possible reason is that you're using the wrong Realm. For example, you told Glassfish to use a database or LDAP-based Realm, but put your credentials in a text file, so the Realm's login routine didn't find them in the database or LDAP store.

That's about as far as I can go, since I haven't configured Glassfish recently. I'm moving this to the Glassfish forum where people who actively work with Glassfish may be able to figure something out.
 
I do some of my very best work in water. Like this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic