I am using JBoss 3.2.3 and having problems with FORM authentication. I am using a custom login module that extends UsernamePasswordLoginModule. When I use BASIC authentication, everything behaves as expected. When I change to FORM authentication, none of the methods in my custom module are invoked so the user does not get authenticated. Below are snippets of the configuration files. What do I need to do to get FORM authentication working? login-config.xml
Thanks for sharing your working configuration. I noticed three differences, which are:
Your authenticated pages are in a separate directory.
You have a second <security-constraint> for /j_security_check.
You use <transport-guarantee>CONFIDENTIAL</transport-guarantee>
Since it works correctly with BASIC authentication, I do not think that the separate directory is a factor in problem. I tried adding the second <security-constraint> with no success. Since my application will be deployed behind the firewall, with Apache in the DMZ handling the SSL connection to the client, I did not change <transport-guarantee> from NONE to CONFIDENTIAL. Additionally, I am trying to keep the number of "moving parts" in the development environment to a minimum. Thanks again for your reply. Still looking for a solution.
Great news, I've finally got this solved, but I do not understand why. I had posted this same issue on JBoss' Forum. After much persistence, I received the recommendation to add to my log4j.xml. After I made the addition, he FORM authentication began working as expected. Below are snippets from the configuration file and login.jsp from the working FORM authentication. login-config.xml jboss-web.xml web.xml login.jsp