Configuring A Simple FORM BASED Authentication Login for JBoss
Hi Experts Exchange Folks,
If we can answer this question - it will very likely be extremely useful to MANY others - so I am hoping you can help me - as well as anyone else who has had to try and get this situation to work. After buying two large books, combing all over the JBoss, MyEclipse, XDoclet sites and asking Google... What I found was that there were TONS of pages with "you can initialize this", "you can specify that", "you can use this new, snazzy, additional interface", "you can design your own - here just read and digest these 25 pages...", and so on. I spent the better part of the weekend trying to get the SIMPLEST FORM-BASED AUTHENTICATION to work and ended up rather frustrated due to the lack of a cohernet picture of the required pieces needed to solve the puzzle.
Here's the scenario:
1) There's a web-client who wants to log into a JBoss hosted web-server. The challenge is for the JBoss application server to support a SIMPLE login page.
2) The web-client will attempt to access a URL such as http://www.thatcoolsite.com/funstuff/main - where funstuff is a servlet that requires an authenticated login to be accessed and main is a place-holder page to be returned.
3) There are files including web.xml, roles.properties, user.properties, login.jsp, loginerror.jsp, plus tidbits and mapping vectors all over the place which ALL have to be perfectly aligned and concurring or nothing works.
My question is this: What is the minimum set of particulars that will...
A) Redirect the initial 'main' page call to cause the 'login.jsp' page to be returned to the caller
B) Accept the incoming j_username and j_password elements to be passed to the j_security_check module
C) Allow for the correct recognition of an established User and Role for the incoming args
D) Finally... return some page that announces the login-procedure was successful or failed.
I marked the question 'difficult' - because I am not sure anyone has the time to bother with it. But I appreciate two things: 1) The ability to pose the question - which often helps me find an answer. 2) This site has a WEALTH of good information - and this is something on which I just happen to be stuck - but I look forward to studying other answers already derived for others.
Thank you!
If we can answer this question - it will very likely be extremely useful to MANY others - so I am hoping you can help me - as well as anyone else who has had to try and get this situation to work. After buying two large books, combing all over the JBoss, MyEclipse, XDoclet sites and asking Google... What I found was that there were TONS of pages with "you can initialize this", "you can specify that", "you can use this new, snazzy, additional interface", "you can design your own - here just read and digest these 25 pages...", and so on. I spent the better part of the weekend trying to get the SIMPLEST FORM-BASED AUTHENTICATION to work and ended up rather frustrated due to the lack of a cohernet picture of the required pieces needed to solve the puzzle.
Here's the scenario:
1) There's a web-client who wants to log into a JBoss hosted web-server. The challenge is for the JBoss application server to support a SIMPLE login page.
2) The web-client will attempt to access a URL such as http://www.thatcoolsite.com/funstuff/main - where funstuff is a servlet that requires an authenticated login to be accessed and main is a place-holder page to be returned.
3) There are files including web.xml, roles.properties, user.properties, login.jsp, loginerror.jsp, plus tidbits and mapping vectors all over the place which ALL have to be perfectly aligned and concurring or nothing works.
My question is this: What is the minimum set of particulars that will...
A) Redirect the initial 'main' page call to cause the 'login.jsp' page to be returned to the caller
B) Accept the incoming j_username and j_password elements to be passed to the j_security_check module
C) Allow for the correct recognition of an established User and Role for the incoming args
D) Finally... return some page that announces the login-procedure was successful or failed.
I marked the question 'difficult' - because I am not sure anyone has the time to bother with it. But I appreciate two things: 1) The ability to pose the question - which often helps me find an answer. 2) This site has a WEALTH of good information - and this is something on which I just happen to be stuck - but I look forward to studying other answers already derived for others.
Thank you!
Who is Participating?
Thanks for the quick and obviously helpful response.
I dunno WHY the JBoss-wiki stuff did not appear for my search - but it was very helpful. Also - the javaworld example looks like it may be very useful.
Getting the JBoss example working is the first irder of business - the next step would be to upgrade to the javaworld-described approach as it is much closer to what would be the true, desired solution.
Getting "<security-domain>java:/ja
I'll post a follow-up when and if I make some forward progress.
Thank you!
I dunno WHY the JBoss-wiki stuff did not appear for my search - but it was very helpful. Also - the javaworld example looks like it may be very useful.
Getting the JBoss example working is the first irder of business - the next step would be to upgrade to the javaworld-described approach as it is much closer to what would be the true, desired solution.
Getting "<security-domain>java:/ja
I'll post a follow-up when and if I make some forward progress.
Thank you!
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationUsingACustomForm
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1