I am trying to do form-based authentication (FBA) in what would seem a normal way but it is not working.
Here is what I do and what happens, see below for the environment, web.xml, etc.:
I want to enter the application by the url
http://servername/contextroot. When I do this, I get a 404.
When I enter
http://servername/contextroot/secure/index.jsp access is correctly denied, but I am not routed to the login page or error page.
When I enter
http://servername/contextroot/Login, I am correctly given the logon page. But after I enter userid/password and submit, I get 404 on
http://servername/contextroot/j_security_check. Which I guess makes sense, j_security_check should be without contextroot (???).
Can anyone straighten this out for me? I've followed the myriad examples out there as close as reasonable and no-go. Thanks hugely in advance.
CONFIGURATION: Win2K Websphere 5.0 Domino5 LDAP
WEB.XML: <?xml version="1.0" encoding="UTF-8"?> < !DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "
http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app id="WebApp"> <display-name>mtts</display-name> <filter> <filter-name>LoginFilter</filter-name> <display-name>LoginFilter</display-name> <filter-class>mizuho.mtts.struts.security.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/LoginFilter</url-pattern> </filter-mapping> <filter-mapping> <filter-name>LoginFilter</filter-name> <servlet-name>action</servlet-name> </filter-mapping> <filter-mapping> <filter-name>LoginFilter</filter-name> <servlet-name>Login</servlet-name> </filter-mapping> <filter-mapping> <filter-name>LoginFilter</filter-name> <servlet-name>logout</servlet-name> </filter-mapping> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/j_security_check</url-pattern> </filter-mapping> <
servlet> <servlet-name>action</servlet-name> <servlet-class>org.apache.struts.action.ActionServlet</servlet-class> <init-param> <param-name>config</param-name> <param-value>/WEB-INF/struts-config.xml</param-value> </init-param> <init-param> <param-name>debug</param-name> <param-value>2</param-value> </init-param> <init-param> <param-name>detail</param-name> <param-value>2</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet> <servlet-name>Login</servlet-name> <display-name>Login</display-name> <jsp-file>/Login.jsp</jsp-file> </servlet> <servlet> <servlet-name>loginError</servlet-name> <display-name>loginError</display-name> <jsp-file>/loginError.jsp</jsp-file> </servlet> <servlet> <servlet-name>logout</servlet-name> <display-name>logout</display-name> <jsp-file>/logout.jsp</jsp-file> </servlet> <servlet-mapping> <servlet-name>action</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>Login</servlet-name> <url-pattern>/Login</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>loginError</servlet-name> <url-pattern>/loginError</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>logout</servlet-name> <url-pattern>/logout</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>/secure/index.jsp</welcome-file> </welcome-file-list> <taglib> <taglib-uri>/tags/struts-bean</taglib-uri> <taglib-location>/WEB-INF/struts-bean.tld</taglib-location> </taglib> <taglib> <taglib-uri>/tags/struts-html</taglib-uri> <taglib-location>/WEB-INF/struts-html.tld</taglib-location> </taglib> <taglib> <taglib-uri>/tags/struts-logic</taglib-uri> <taglib-location>/WEB-INF/struts-logic.tld</taglib-location> </taglib> <taglib> <taglib-uri>/tags/struts-nested</taglib-uri> <taglib-location>/WEB-INF/struts-nested.tld</taglib-location> </taglib> <taglib> <taglib-uri>/tags/struts-tiles</taglib-uri> <taglib-location>/WEB-INF/struts-tiles.tld</taglib-location> </taglib> <security-constraint> <web-resource-collection> <web-resource-name>Secure Directory</web-resource-name> <description>Secure Pages</description> <url-pattern> /secure/*</url-pattern> <http-method> GET</http-method> <http-method> PUT</http-method> <http-method> HEAD</http-method> <http-method> TRACE</http-method> <http-method> POST</http-method> <http-method> DELETE</http-method> <http-method> OPTIONS</http-method> </web-resource-collection> <web-resource-collection> <web-resource-name>
Struts apps</web-resource-name> <description>Struts apps qualifier</description> <url-pattern> *.do</url-pattern> <http-method> GET</http-method> <http-method> PUT</http-method> <http-method> HEAD</http-method> <http-method> TRACE</http-method> <http-method> POST</http-method> <http-method> DELETE</http-method> <http-method> OPTIONS</http-method> </web-resource-collection> <auth-constraint> <description>All users</description> <role-name>user</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>Timesheet</realm-name> <form-login-config> <form-login-page>/Login.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>Restrict access to Authenticated Users</description> <role-name>user</role-name> </security-role> </web-app>