• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Liutauras Vilda
Sheriffs:
  • Tim Cooke
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Ron McLeod
  • Ganesh Patekar
  • salvin francis
Bartenders:
  • Tim Holloway
  • Carey Brown
  • Stephan van Hulst

Form based authentication with glassfish5 failed  RSS feed

 
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
i'm trying to code a login page in a JEE application on netbeans. So I create: login.jsp, login_error.jsp and admin/admin.jsp pages.

**login.jsp**

       

**login_error.jsp**


 
I made the necessary configurations in the deployment file **web.xml**

   
and also, in **glassfish-web.xml**


In the admin console (relative to glassfish5), i create a new user in security->realms->file with the name="admin", password="0000" and user group="appadmin".
The problem is, when I'm trying to test the application, I keep having the error page every time I enter a correct username/password or a wrong username/password.
Can anybody help me to solve this problem please?
thanks
 
Bartender
Posts: 20125
103
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Sirine!

How are you testing? Are you trying to navigate to the login page using a URL like "http://myserver/myapp/login.jsp"? Because that does not work. The only time the login form works properly is if the container (Glassfish) security system detects an attempt to invoked a secured URL. For example, "http://myserver/myapp/admin/users.jsp". If you attempt to navigate to the login page directly, the security environment hasn't been set up by the server.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim for helping me.

In fact, I'm trying to attend the admin welcome file, it is located under admin folder (WEB-INF/admin/admin.jsp) and, when running the application, I got this url
http://localhost:8080/AuthencateApp/admin/admin.jsp
with the login form.
After submitting the correct login/password I got the error page with this url
http://localhost:8080/AuthencateApp/admin/j_security_check
I tested so many times different users with group-name = "appadmin" by creating them in realms/file, but always I'm having the same error.

Is there any way to know the cause of this problem?
Thanks
 
Tim Holloway
Bartender
Posts: 20125
103
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The URL http://localhost:8080/AuthencateApp/admin/admin.jsp does not reference the resource at /WEB-INF/admin/admin.jsp. It references the resource at /admin/admin.jsp. So there may be a "404" error there. You didn't indicate what error code your "error page" listed.

In any eveny, remote users cannot use URLs with /WEB-INF in them. All resources under /WEB-INF are hidden from remote URL access. This is a security feature designed to keep attackers from being able to snoop the code, config files, and so forth.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry! I was wrong!
The admin.jsp file was under admin folder in web pages folder

There is no 404 error
 
Tim Holloway
Bartender
Posts: 20125
103
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What does the "error page" look like, then? Also, have you checked the server logs?
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:What does the "error page" look like, then? Also, have you checked the server logs?


I'm redirected to the error page that I created (it is named login_error.jsp)

And for logs, the log folder is empty ! o_O'
 
Tim Holloway
Bartender
Posts: 20125
103
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah! That's not an "error", it's the loginfail page. The loginfail page is displayed when a user attempts to log in, and fails. The server displays this page to allow retrying the login, and functionally, it's just the same as the login page itself.

A Loginfail occurs when the userid/password from the login page form do not match valid credentials according to the Realm that's handling the login. So either your Realm is not configured properly or you aren't typing in a valid login.

Please note that in Java BOTH the userid AND password are case-sensitive.
 
sirine infowiste
Greenhorn
Posts: 5
Eclipse IDE Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, this is exactly what I mean it.
Now, for the username/password I tried more than one, and I tested it with the correct ones, and always I'm redirected to my error page. (As I said before, I created  in the Security-> realms-> files in the admin console a user ; id=admin, password=0000, group-list=appadmin. When testing, I entreded admin and 0000 but I got the error)
Is there any way to know the origin of this failure?
I tried with glassfish 4.1.1 and glassfish 5 but I got the same problem.
 
Tim Holloway
Bartender
Posts: 20125
103
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's really only 2 things that I can think of in that case.

One is that the userid/password don't really match what's in the credentials. If not because of wrong upper/lower case, then probably because there are spaces where there should not be, so the credentials "look" OK, but don't match on a strict String comparison. Or there's an issue where you're encrypting the password and didn't define the Realm with encryption (or the reverse).

The other possible reason is that you're using the wrong Realm. For example, you told Glassfish to use a database or LDAP-based Realm, but put your credentials in a text file, so the Realm's login routine didn't find them in the database or LDAP store.

That's about as far as I can go, since I haven't configured Glassfish recently. I'm moving this to the Glassfish forum where people who actively work with Glassfish may be able to figure something out.
 
Enjoy the full beauty of the english language. Embedded in this tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
https://coderanch.com/t/704633/RavenDB-Open-Source-NoSQL-Database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!