[jboss-user] [Security & JAAS/JBoss] - LDAP is giving error : Invalid direct reference to form logi
hamoodulislam
do-not-reply at jboss.com
Wed Aug 20 01:02:51 EDT 2008
I am trying to develop a sample application and authenticating it using Apache LDAP Server. Here are my enteries for login-config.xml file
<application-policy name="MoITWeb">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
| <module-option name="java.naming.factory.initial">
| com.sun.jndi.ldap.LdapCtxFactory
| </module-option>
| <module-option name="java.naming.provider.url">
| ldap://localhost:10389/
| </module-option>
| <module-option name="java.naming.security.authentication">
| simple
| </module-option>
| <module-option name="java.naming.security.credentials">
| clear-text password
| </module-option>
| <module-option name="principalDNPrefix">uid=</module-option>
| <module-option name="principalDNSuffix">
| ,ou=People,dc=example,dc=com
| </module-option>
| <module-option name="rolesCtxDN">
| ou=Roles,dc=example,dc=com
| </module-option>
| <module-option name="uidAttributeID">member</module-option>
| <module-option name="matchOnUserDN">true</module-option>
| <module-option name="roleAttributeID">cn</module-option>
| <module-option name="roleAttributeIsDN">false</module-option>
| <module-option name="searchTimeLimit">5000</module-option>
| <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
| </login-module>
| </authentication>
| </application-policy>
My web.xml file is this
<web-app>
| <welcome-file-list>
| <welcome-file>index.jsp</welcome-file>
| </welcome-file-list>
| <security-constraint>
| <display-name>ValidUser</display-name>
| <web-resource-collection>
| <web-resource-name>Resources</web-resource-name>
| <url-pattern>/security/success.jsp</url-pattern>
| <http-method>GET</http-method>
| <http-method>POST</http-method>
| </web-resource-collection>
| <auth-constraint>
| <description>ValidUser</description>
| <!--<role-name>ValidUser</role-name>-->
| <role-name>JBossAdmin</role-name>
| </auth-constraint>
| </security-constraint>
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>Setup(admin) Section</web-resource-name>
| <description>For all authorized user</description>
| <url-pattern>/security/*</url-pattern>
| <http-method>GET</http-method>
| <http-method>POST</http-method>
| </web-resource-collection>
| <auth-constraint>
| <description>
| Allow access for both default and enterprise users
| </description>
| <role-name>JBossAdmin</role-name>
| </auth-constraint>
| </security-constraint>
| <security-role>
| <description>ValidUser</description>
| <role-name>JBossAdmin</role-name>
| </security-role>
|
| <login-config>
| <auth-method>FORM</auth-method>
| <realm-name>MoITWeb</realm-name>
| <form-login-config>
| <form-login-page>/security/login.jsp</form-login-page>
| <form-error-page>/security/error.jsp</form-error-page>
| </form-login-config>
| </login-config>
|
| </web-app>here are my pages
index.jsp
/security/login.jsp
/security/error.jsp
/security/succss.jsp
here is code for login.jsp
<form method="POST" action='<%=response.encodeURL("j_security_check")%>' >
| <table cellpadding="2" border="0" cellspacing="0">
| <tr>
| <td align="right">Username:</td>
| <td align="left"><input type="text" name="j_username" size="20"></td>
| </tr>
| <tr>
| <td align="right">Password:</td>
| <td align="left"><input type="password" name="j_password" size="20"></td>
| </tr>
| <tr>
| <td align="right"><input type="submit" value="Log In"></td>
| <td align="left"><input type="reset"></td>
| </tr>
| </table>
| </form>
I have set the security domain in jboss-web.xml
as <jboss-web>
| <security-domain>java:/jaas/MoITWeb</security-domain>
| </jboss-web>
Where ever i try to run the application, login page appears. I have give user and password, If password is woring I am redirected to error.jsp, but if both user name and password are correct server gives an error
Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
I am trying to solve this issue from last 5 days but unable to find any solution.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171412#4171412
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171412
More information about the jboss-user
mailing list