• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

login form on any page

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm using jboss 4.0.3 and jaas with form based authentication. Everything is working but I would like to have possibility to have a login form on every (posibly even not secured) page. When I put the "usual" form


on the pages I get the error:

HTTP Status 400 - Invalid direct reference to form login page



Does anybody know how to solve this problem?

Thanks in advance for any help

Karol
 
Ranch Hand
Posts: 732
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there.

I am no expert but since jboss uses the tomcat 5.5 as web container, then i think you are not using the login page correctly.

Tomcat itself shows the login page for you (the web user) when he tries to access the "protected" pages you define in the server.
You cannot provide a direct link to the login page yourself (which is exactly what the error says).

Hope it helped,

Roy.
 
Karol Oslowski
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

you are in a way right but - what I wanted to achieve is to have a login form on every web page (when you are not logged in) just like for instance on www.jroller.com ..

I have a strange impression that it is much more difficult than it seemed to be.

Kind Regards
 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want to do the login thing from scratch you need to first create a security realm or use and existing one in the file called login-config.xml which is present in the jboss_install_dir/server/default/conf/login-config.xml

like so.

<application-policy name = "test_authentication">
<authentication>
<login-module code="login.handler.class"
flag = "required">
</login-module>
</authentication>
</application-policy>

once this is done you need to create a file called jboss-web.xml if you havnt already in your <web-application-folder>/WEB-INF/

In that you need to create the following entry. Which looks up the security realm that you had setup earlier.
<jboss-web>

<security-domain>java:/jaas/test_authentication</security-domain>
</jboss-web>

And finally in your web.xml you need to add the following entry. which will link to the entry you have made in your jboss-web.xml.


<security-constraint>
<web-resource-collection>
<web-resource-name>webfiles</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestRealm</realm-name>
</login-config>

<security-role>
<role-name>everyone</role-name>
</security-role>

This setup will prompt you with a basic dialog box every time a user opens up any page on your webapplication. you can further change the authentication method to authenticate usinig a separate page by specifiying the auth-method in your web.xml as FORM.


hope this helped.
 
reply
    Bookmark Topic Watch Topic
  • New Topic