Java EE (Java Enterprise Edition) General Discussion

JAAS, j_security_check, fileRealm, Filter & authentication - please help

843838 May 18 2007 — edited May 18 2007
Hello,

I've tried to follow the tips from this thread:
http://forum.java.sun.com/thread.jspa?threadID=565774&tstart=0
But I can't get the authentication to work. After filling in the login form, I get a 403 when I have a lucky moment, or a 404.

404 appears on both http://localhost/j_security_check and http://localhost:70/<WebAppName>/j_security_check .

403 appeared once and indicated authentication failure.

So please, could anyone tell me:

* Where should the login form point so as not to get a 404? Currently I have action="/<WebAppName>/j_security_check" and it throws 404.

* How do I manage the user accounts? Is that implemented by the filter? Currently I just let the request "pass through" by calling chain.doFilter(), but once when it worked somehow, I got 403 - access denied.

* What is JAAS, is it simpler to manage authentication?

* What is fileRealm? Some default filter? I've found it in my server's configuration for admin console.

My server is Sun Java System Application Server 9.0. I have found some tutorials and many forum threads, but most are about an old version of the server (7.0) or about other servers (Tomcat, Websphere, JBoss).

Thanks a lot for any answers and links... Ondra

---------------------------------------------------------------------------
Here is my web.xml - important parts:

<filter>
  <filter-name>LoginFilter</filter-name>
  <filter-class>cz.dynawest.jizdnirady.LoginFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>LoginFilter</filter-name>
  <url-pattern>/j_security_check</url-pattern>
</filter-mapping>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>jizdnirady_realm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login_fail.html</form-error-page>
  </form-login-config>
</login-config>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>AdminPages</web-resource-name>
    <description> Accessible by authorised users </description>
    <url-pattern>/faces/cms/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>These are the roles who have access</description>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <description/>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <description/>
  <role-name>user</role-name>
</security-role>
Post Details
Locked on Jun 15 2007
Added on May 18 2007