Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

login form on any page

 
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm using jboss 4.0.3 and jaas with form based authentication. Everything is working but I would like to have possibility to have a login form on every (posibly even not secured) page. When I put the "usual" form


on the pages I get the error:

HTTP Status 400 - Invalid direct reference to form login page



Does anybody know how to solve this problem?

Thanks in advance for any help

Karol
 
Ranch Hand
Posts: 732
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there.

I am no expert but since jboss uses the tomcat 5.5 as web container, then i think you are not using the login page correctly.

Tomcat itself shows the login page for you (the web user) when he tries to access the "protected" pages you define in the server.
You cannot provide a direct link to the login page yourself (which is exactly what the error says).

Hope it helped,

Roy.
 
Karol Oslowski
Ranch Hand
Posts: 51
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

you are in a way right but - what I wanted to achieve is to have a login form on every web page (when you are not logged in) just like for instance on www.jroller.com ..

I have a strange impression that it is much more difficult than it seemed to be.

Kind Regards
 
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you want to do the login thing from scratch you need to first create a security realm or use and existing one in the file called login-config.xml which is present in the jboss_install_dir/server/default/conf/login-config.xml

like so.

<application-policy name = "test_authentication">
<authentication>
<login-module code="login.handler.class"
flag = "required">
</login-module>
</authentication>
</application-policy>

once this is done you need to create a file called jboss-web.xml if you havnt already in your <web-application-folder>/WEB-INF/

In that you need to create the following entry. Which looks up the security realm that you had setup earlier.
<jboss-web>

<security-domain>java:/jaas/test_authentication</security-domain>
</jboss-web>

And finally in your web.xml you need to add the following entry. which will link to the entry you have made in your jboss-web.xml.


<security-constraint>
<web-resource-collection>
<web-resource-name>webfiles</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>everyone</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestRealm</realm-name>
</login-config>

<security-role>
<role-name>everyone</role-name>
</security-role>

This setup will prompt you with a basic dialog box every time a user opens up any page on your webapplication. you can further change the authentication method to authenticate usinig a separate page by specifiying the auth-method in your web.xml as FORM.


hope this helped.
 
You get good luck from rubbing the belly of a tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic