[jboss-user] [Security & JAAS/JBoss] - JAAS, login configuration + Hi everybody

purbano do-not-reply at jboss.com
Tue Jul 3 07:40:24 EDT 2007

Hello everybody, I've recently been subscribed to this forum, for I wanted to ask a doubt, and possible more will come later (and I hope one day I could answer one).

I am migrating an application, but I have problems with the login configuration. I use JAAS, an authorization form-based against a custom LoginModule. But login is failing. In myApp/WEB-INF/web.xml, I have:

  |   <login-config>
  |     <auth-method>FORM</auth-method>
  |     <realm-name>A name</realm-name>
  |     <form-login-config>
  |       <form-login-page>/login.jsp</form-login-page>
  |       <form-error-page>/error.jsp</form-error-page>
  |     </form-login-config>
  |   </login-config>

For the debug messages of the login module, I think authentication is succesful on the server, but I am redirected to login.jsp .

I have read about the form-based login process and I found the following explanation (with a graphic): http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security5.html#wp483367 . According to that, I should be redirected to the requested resource, or to error.jsp , if I am wrong and the login is actually failing.

I have tried it with jboss-4.0.2 and jboss-4.2.0 . As you could observe, I am a beginner that has to learn much concepts (JAAS, ...) in few time.

Anyone could please, please, help?

Pablo J.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4059893#4059893

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4059893

More information about the jboss-user mailing list