[jboss-user] [Security & JAAS/JBoss] - Re: Why JAAS authenticate() fails?

[benccit]

Jaikiran,

 Thanks for the response.

 I followed your lead and use the FORM-based authentication.
 However, I can't make the authentication work. Although the username and password were transmitted to the server, the error page was displayed. I checked the log, it indicated that the username and password were transmitted to the server. However the status was 200. It seems that the servlet path is wrong. For example, if I secured the webpages under /secret, the servlet path become /secret/j_security_check. I guess that is the reason why the authentication failed.

How can JBoss server know it has to use special j_security_check?

I have login html code as follows:
  

    Username: 
    Password: 
      
      
      
      
  

Do you know why the authentication fail?

By the way, in the server/default/conf/login-config.xml, the application-policy was defined as follows:

    <application-policy name = "transportation-security">
       
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
           <module-option name="usersProperties">/authentik/transportation-security-users.properties</module-option>
           <module-option name="rolesProperties">/authentik/transportation-security-roles.properties</module-option>
          </login-module>
       
    </application-policy>

Are the values for module-option usersProperties and rolesProperties correct? I am assuming the root "/" starts at server/default. Is my assumption correct?

Thanks,

Bensen

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983924#3983924

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983924