Avatar of curious81
curious81
 asked on

Problem in getting form based authentication with weblogic and struts

Hi,
   I am working on an application. It is using Weblogic as app server and struts framework. I am trying to use form based authentication to authenticate users at the presentation tier. I am having issues getting FBA working using struts, although I am able to make it working if I am not using struts. I will put some code snippets here to explain how it is not working with struts:

jsp:
 <html:form name="loginForm" method="post" action="j_security_check" type="com.org.project.form.LoginForm" onSubmit="javascript:clicked(this)">
    <td width="292" valign="top"><p><img src="../public/images/tcc/existing_pv_user.gif" width="291" height="43"></p>
      <table width="85%"  border="0" align="center" cellpadding="2" cellspacing="0">
      <tr>
        <td colspan="2" class="body"><strong>Username:</strong></td>
        </tr><tr> <td colspan="2">
<html:text property="j_username" size="42"/>
</td> </tr> <tr>
   <td colspan="2" class="body"><strong>Password:</strong></td>
   </tr> <tr> <td colspan="2">
<html:password property="j_password" size="42"/>

struts config looks like:
        <action
            path="j_security_check"
            type="com.org.project.action.LoginAction"
            name="loginForm"
            scope="session">
<forward name="success" path="/html-jsp/welcome.jsp"/>            
        </action>  

        <form-bean
            name="loginForm"
            type="com.org.project.form.LoginForm">
       </form-bean>

The error I get when I run this:
javax.servlet.jsp.JspException: Cannot retrieve mapping for action /j_security_check
      at org.apache.struts.taglib.html.FormTag.lookup(FormTag.java:810)
      at org.apache.struts.taglib.html.FormTag.doStartTag(FormTag.java:506)
      at jsp_servlet._html_45_jsp.__epvlogin._jsp__tag2(__epvlogin.java:211)
      at jsp_servlet._html_45_jsp.__epvlogin._jsp__tag0(__epvlogin.java:152)
      at jsp_servlet._html_45_jsp.__epvlogin._jspService(__epvlogin.java:116)
      at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)

If I put /j_security_check in struts-config, i dont get the error, but then the form based authentication does not work because it uses j_security_check as a keyword. It appends /context-name/j_security_check.do in the view siurce if I put a slash in the struts-config.xml.

I am confident that web.xml and weblogic.xml entries are correct because form based authentication works if I do not use struts in the jsp. Has anyone faced this problem when using form based authentication with struts?

Thanks!
Java App Servers

Avatar of undefined
Last Comment
MehtaJasmin

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ECollin

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
curious81

ASKER
Thanks,
I could not use struts if I was using JAAS form based authentication!
MehtaJasmin

Hi Curious81,

I am in exact same situation as you are with struts-tags in login page and struts-config.xml.

I also want to use JAAS form based authentication. Did you have to compromise by not using struts tags in form but just the use basic html tags? But what if we want to submit the request of j_security_check to some Struts-action class? If we use plain html then its not using the hiddne variable to go certain struts actionclass's method. I am attaching my code:
Login.jsp
 
<%@ taglib prefix="bean" uri="http://struts.apache.org/tags-bean" %>
<%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %>
 
<html:html>
  <head>  
    <title><bean:message key="gcc.title"/></title>
    
  </head>
   <body onload="document.LoginForm.j_username.focus();">    
       <table>
          <tr>
            <td width="320" height="240">
                <bean:message key="gcc.title"/> 
            </td>        
          </tr>
        </table>        
        
        <html:form action="j_security_check">
            <p>
                <label>Login ID:</label>
                <html:text property="j_username" maxlength="32" size="26" />
            </p>
            <p>
                <label>Password:</label>
                <html:text property="j_password" maxlength="32" size="26" />
             </p>
            
            <p>
                <html:hidden property="method" value="goToCurrentUserPage"/>
                <html:submit property="Login" value="Login" />
            </p>                    
        </html:form>
  </body>
</html:html>
 
 
Struts-config.xml
 
<action-mappings>
    <action path="/j_security_check"
            name="LoginForm"
            scope="session"
            type="org.nexweb.qol.gcc.actions.GeneralDispatchAction"                              
            parameter="method"
            input="/WEB-INF/jsp/login.jsp"
            validate="false">
      <forward name="mvro" path="/WEB-INF/jsp/mvroUser.jsp"/>
      <forward name="tax" path="/WEB-INF/jsp/taxUser.jsp"/>
      <forward name="nex" path="/WEB-INF/jsp/nexUser.jsp"/>
    </action>
 
Action class:
 
public class GeneralDispatchAction extends DispatchAction
{
    private static final Logger logger =
        Logger.getLogger(GeneralDispatchAction.class);    
        
    public ActionForward goToCurrentUserPage(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception
    {
        logger.info("Entered goToCurrentUserPage()");
        List userRoles = GCCUtil.getUserRoles(request);
        String currentUserRole = "";
        ActionForward forward = null;
        for (int i = 0; i < userRoles.size(); i++)
        {
            String roleFromList = (userRoles.get(i)).toString();
            if(request.isUserInRole(roleFromList)) 
            {
                currentUserRole = roleFromList;
                break;
            }
        }    
        System.out.println("currentUserRole " + currentUserRole);
        logger.info("currentUserRole " + currentUserRole);
        if (StringUtils.isNotBlank(currentUserRole))
        {
           (request.getSession()).setAttribute("currentUserRole", currentUserRole);
            if (StringUtils.equals(GCCUtil.MVRO_CLERK, currentUserRole)
                || (StringUtils.equals(GCCUtil.MVRO_SUPV, currentUserRole)))
            {
                forward = mapping.findForward("mvro");  
            }
            else if (StringUtils.equals(GCCUtil.TAX_CLERK, currentUserRole))                 
            {
                forward = mapping.findForward("tax");
            }
            else if ((StringUtils.equals(GCCUtil.NEX_ADP, currentUserRole))
                    || (StringUtils.equals(GCCUtil.NEX_CLERK, currentUserRole))
                    || (StringUtils.equals(GCCUtil.NEX_SERV, currentUserRole)))
            {
                forward = mapping.findForward("nex");
            }
        }
        return forward;
    } 

Open in new window

I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck