Skip to Main Content
Forums

Java Development Tools

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Form Based Authentication/ HTTP Basic Authentication

159437Jul 30 2007 — edited Sep 24 2007
Hi,
I have setup a custom login module to retrieve the password and role from a DB.
Everything work fine when I used the HTTP Basic Authentication to protect my JSP (adf) pages, but when I set the Form Based Authentication in web.xml the Authentication is well done but the forward to the requested page does work. I have a 404 error after press the submit button on the logon page.

My web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>static</web-resource-name>
<url-pattern>faces/static/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>process</web-resource-name>
<url-pattern>faces/process/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>app/login.jsp</form-login-page>
<form-error-page>app/login.jsp</form-error-page>
</form-login-config>
</login-config>


My orion-application.xml file:
<orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
<web-module id="fta" path="file:/D:/jdev/fta/ViewController/public_html/"/>
<library path="./adf"></library>
<log>
<file path="fta-oc4j-app.log"/>
</log>
<jazn provider="XML" location="META-INF/jazn-data.xml" default-realm="jazn.com">
<property name="role.mapping.dynamic" value="true"/>
<property name="custom.loginmodule.provider" value="true"/>
</jazn>
</orion-application>

My JSP:
<form action="j_security_check" method="post">
<table>
<tr>
<td width="120">
<b style="whitespace:nowrap">Login</b>
</td>
<td>
<input type="text" name="j_username"/>
</td>
</tr>
<tr>
<td width="120">
<b>Password</b>
</td>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="logon" value="Sign On"/>
</td>
</tr>
</table>
</form>

I try with Jev 10.1.3.3 ( I have also try to deploy on an OAS and I have the same result.)

Someone has any idea what change when we pass from HTTP Basic Authentication to Form-Based Authentication config ?

Thanks,
David.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Oct 22 2007
Added on Jul 30 2007
#application-development-in-java, #jdeveloper-and-adf
23 comments
2,644 views