Form-based Authentication doesn't work right.....
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Joseph_Sadove
Posted On:   Thursday, September 4, 2003 02:12 PM

I am trying to do form-based authentication (FBA) in what would seem a normal way but it is not working. Here is what I do and what happens, see below for the environment, web.xml, etc.: I want to enter the application by the url http://servername/contextroot. When I do this, I get a 404. When I enter http://servername/contextroot/secure/index.jsp access is correctly denied, but I am not routed to the login page or error page. When I enter http://servername/contextroot/Login, I am correctly given the logon page. But after I enter userid/password and submit, I get 404 on http://servername/contextroot/j_security_check. Which I guess makes sense, j_security_check should be without contextroot (???   More>>

I am trying to do form-based authentication (FBA) in what would seem a normal way but it is not working.


Here is what I do and what happens, see below for the environment, web.xml, etc.:


I want to enter the application by the url http://servername/contextroot. When I do this, I get a 404.


When I enter http://servername/contextroot/secure/index.jsp access is correctly denied, but I am not routed to the login page or error page.


When I enter http://servername/contextroot/Login, I am correctly given the logon page. But after I enter userid/password and submit, I get 404 on http://servername/contextroot/j_security_check. Which I guess makes sense, j_security_check should be without contextroot (???).


Can anyone straighten this out for me? I've followed the myriad examples out there as close as reasonable and no-go.
Thanks hugely in advance.



CONFIGURATION:
Win2K
Websphere 5.0
Domino5 LDAP



WEB.XML:
<?xml version="1.0" encoding="UTF-8"?>



mtts

LoginFilter
LoginFilter
mizuho.mtts.struts.security.LoginFilter


LoginFilter
/LoginFilter


LoginFilter
action


LoginFilter
Login


LoginFilter
logout


LoginFilter
/j_security_check


action
org.apache.struts.action.ActionServlet

config
/WEB-INF/struts-config.xml


debug
2


detail
2

2


Login
Login
/Login.jsp


loginError
loginError
/loginError.jsp


logout
logout
/logout.jsp


action
*.do


Login
/Login


loginError
/loginError


logout
/logout


/secure/index.jsp


/tags/struts-bean
/WEB-INF/struts-bean.tld


/tags/struts-html
/WEB-INF/struts-html.tld


/tags/struts-logic
/WEB-INF/struts-logic.tld


/tags/struts-nested
/WEB-INF/struts-nested.tld


/tags/struts-tiles
/WEB-INF/struts-tiles.tld



Secure Directory
Secure Pages

/secure/*

GET

PUT

HEAD

TRACE

POST

DELETE

OPTIONS


Struts apps
Struts apps qualifier

*.do

GET

PUT

HEAD

TRACE

POST

DELETE

OPTIONS


All users
user


NONE



FORM
Timesheet

/Login.jsp
/loginError.jsp



Restrict access to Authenticated Users
user

   <<Less
About | Sitemap | Contact