login form on any page

Hi,

I'm using jboss 4.0.3 and jaas with form based authentication. Everything is working but I would like to have possibility to have a login form on every (posibly even not secured) page. When I put the "usual" form

<FORM method="POST" action="j_security_check"><TABLE BORDER="2"><TR><TD>Login:</TD><TD><INPUT type="text" name="j_username" size="16" maxlength="24" /><TD>Hasło:</TD><TD><INPUT type="password" name="j_password" size="16" maxlength="24" /><TD>Login:</TD><TD><INPUT type="submit" value="OK" /></TR></TABLE></FORM>
on the pages I get the error:

HTTP Status 400 - Invalid direct reference to form login page

Does anybody know how to solve this problem?

Thanks in advance for any help

Karol

Hi there.

I am no expert but since jboss uses the tomcat 5.5 as web container, then i think you are not using the login page correctly.

Tomcat itself shows the login page for you (the web user) when he tries to access the "protected" pages you define in the server.
You cannot provide a direct link to the login page yourself (which is exactly what the error says).

Hope it helped,

Roy.

Hi,

you are in a way right but - what I wanted to achieve is to have a login form on every web page (when you are not logged in) just like for instance on www.jroller.com ..

I have a strange impression that it is much more difficult than it seemed to be.

Kind Regards

If you want to do the login thing from scratch you need to first create a security realm or use and existing one in the file called login-config.xml which is present in the jboss_install_dir/server/default/conf/login-config.xml

like so.

<application-policy name = "test_authentication">
<authentication>
<login-module code="login.handler.class"
flag = "required">
</login-module>
</authentication>
</application-policy>

once this is done you need to create a file called jboss-web.xml if you havnt already in your <web-application-folder>/WEB-INF/

In that you need to create the following entry. Which looks up the security realm that you had setup earlier.
<jboss-web>

<security-domain>java:/jaas/test_authentication</security-domain>
</jboss-web>

And finally in your web.xml you need to add the following entry. which will link to the entry you have made in your jboss-web.xml.


<security-constraint>
<web-resource-collection>
<web-resource-name>webfiles</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestRealm</realm-name>
</login-config>

<security-role>
<role-name>everyone</role-name>
</security-role>

This setup will prompt you with a basic dialog box every time a user opens up any page on your webapplication. you can further change the authentication method to authenticate usinig a separate page by specifiying the auth-method in your web.xml as FORM.


hope this helped.