[jboss-user] [Security] - How to make JAAS Login Failure Page more informative ?

shantanu.u do-not-reply at jboss.com
Mon Nov 23 14:52:18 EST 2009


My stack is as follows :
* JSF 1.2,  Facelets, Richfaces 3.2.1
* JAAS - authentication and authorization
* Tomcat 6

Points to note :
1. JAAS is working. I'm able to login into the application. 
2. Roles are working. CMA intercepts when I hit a secured resource.
3. Authentication mechanism in web.xml
	<login-config>
  | 		<auth-method>FORM</auth-method>
  | 		<realm-name>myrealm</realm-name>
  | 		<form-login-config>
  | 			<form-login-page>/faces/login/login.jsf</form-login-page>
  | 			<form-error-page>/faces/login/loginerror.jsf</form-error-page>
  | 		</form-login-config>
  | 	</login-config>

Problem
4. What I really want is to inform the user why the login failed :
	- wrong user id
	- wrong password
	- account locked due to too many unsuccessful attempts

   How can I do this ? 
   
   The My JAAS LoginModule does not have any handle to session/request/JSF messages ?
   
   I don't want a generic login failure page.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4267132#4267132

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4267132



More information about the jboss-user mailing list