Hi Experts Exchange Folks,
If we can answer this question - it will very likely be extremely useful to MANY others - so I am hoping you can help me - as well as anyone else who has had to try and get this situation to work. After buying two large books, combing all over the JBoss, MyEclipse, XDoclet sites and asking Google... What I found was that there were TONS of pages with "you can initialize this", "you can specify that", "you can use this new, snazzy, additional interface", "you can design your own - here just read and digest these 25 pages...", and so on. I spent the better part of the weekend trying to get the SIMPLEST FORM-BASED AUTHENTICATION to work and ended up rather frustrated due to the lack of a cohernet picture of the required pieces needed to solve the puzzle.
Here's the scenario:
1) There's a web-client who wants to log into a JBoss hosted web-server. The challenge is for the JBoss application server to support a SIMPLE login page.
2) The web-client will attempt to access a URL such as
http://www.thatcoolsite.com/funstuff/main - where funstuff is a servlet that requires an authenticated login to be accessed and main is a place-holder page to be returned.
3) There are files including web.xml, roles.properties, user.properties, login.jsp, loginerror.jsp, plus tidbits and mapping vectors all over the place which ALL have to be perfectly aligned and concurring or nothing works.
My question is this: What is the minimum set of particulars that will...
A) Redirect the initial 'main' page call to cause the 'login.jsp' page to be returned to the caller
B) Accept the incoming j_username and j_password elements to be passed to the j_security_check module
C) Allow for the correct recognition of an established User and Role for the incoming args
D) Finally... return some page that announces the login-procedure was successful or failed.
I marked the question 'difficult' - because I am not sure anyone has the time to bother with it. But I appreciate two things: 1) The ability to pose the question - which often helps me find an answer. 2) This site has a WEALTH of good information - and this is something on which I just happen to be stuck - but I look forward to studying other answers already derived for others.
Thank you!
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationUsingACustomForm
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
http://www.javaworld.com/javaforums/showflat.php?Cat=2&Board=JavaSecurity&Number=2500&page=0&view=collapsed&sb=5&o=&fpart=1