Faces context not found (Form based authentication)

Similar Messages

• Faces context not found

  hi,
  Created a sample application with struts-faces integration.i am providing the <welcome-file-list> tag entry in the web.xml.Now when i try to hit the deployed application, i get error "Cannot find FacesContext".I guess i am not supposed to provide the path "faces/index.jsp" in a html file(the way it is done in a pure faces app),since the <welcome-file-list> should take care of it.The sample app provided also does not go thru a html file.
  plz help.
  Thanks in advance.
  Kshitij

  ok...i got the solution. Was trying to acces the jsp page without a "/faces" prefix.Thought it wae not necessary since you can give a <welcome-file-list> entry.but you have to.
  kshitij.

• Logout Functionality in Form Based Authentication Not Working Properly

  Hi All,
  I am using Form Based Authentication in ADF. In this I followed the following steps:-
  1.Login On Page.
  2.In successful login page ,copy the url
  3.Click on "Logout"
  4.Paste the url in login page and click enter
  5.System taking me back to that page where I can perform all the actions.
  But the Login operation should not happen just by entering the url. Please provide any help how to stop redirecting to my authenticated page just by typing the url. This is a big security constraint.Any Assistance to this is highly appreciated.
  Thanks & Regards
  Lovenish Garg

  Hi BaiG,
  For Login I am using the form based authentication and for logout here is my code:-
  public void logout() {
  ExternalContext ectx =
  FacesContext.getCurrentInstance().getExternalContext();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("expires", "0");
  response.setHeader("Pragma", "no-cache");
  try {
  response.sendRedirect("AdminLogin.html");
  } catch (IOException e) {
  logger.severe(e.getMessage());
  //Inform JSF to not take the response in hands
  FacesContext.getCurrentInstance().responseComplete();
  logger.info("session invalidated");
  Thanks,
  Lovenish Garg

• J_security_check in form-based authentication - not checking for blank passwords

  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

  Hi Brian,
  I do not believe it is j_security_check's job to check for blank
  passwords.
  In many security realms, it is "legal" for a user to have a blank
  password. j_security_check forwards whatever password was entered so that
  even users with blank passwords can be authenticated by the realm on the
  backend. For this reason I believe that j_security_check is "doing the
  right thing" by just forwarding whatever is presented to it, rather than
  having its own logic. It is best if j_security_check just acts as a very
  dumb middle man.
  If behavior was altered, it is true that your particular problem would be
  solved, but then many other people would have a problem with their users
  with blank passwords authenticating properly...
  Try looking into how to disable anonymous logins on the LDAP end of
  things. Hope this helps.
  Cheers,
  Joe Jerry
  brian wrote:
  I am using the LDAP Security Realm to authenticate against an iPlanet
  Directory Server. All works as expected when a user-id and password
  are entered for form-based authentication.
  However, when a userid is entered but no password, j_security_check
  logs the user in successfully. Aparently, this is correct LDAP
  behaviour as anonymous login to the LDAP server is permitted. It seems
  that the j_security_check servlet should check for blank passwords
  before trying to authenticate against the LDAP server and fail
  authentication if this is the case.
  Has anyone else experienced this problem?

• Form Based Authentication not working for my sharepoint site.

  I am using FIM 2010 r2 on Sharepoint -80 . I tried to use forms based authentication instead of default windows based auth. But the site is not even redirecting to the custom login page i am trying to connect .
  Any suggestions ?

  Issue has been resolved.  There was no interesting work-a-round or fix involved.

• Form based authentication in JSF

  Hi,
  I am using form based authentication in JSF .
  I am not able to display the JSF page.
  I have this security constraint in my web.xml
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <url-pattern>/jsp/WorkingZone.jsp</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>manager</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>/Login/login.jsp</form-login-page>
  <form-error-page>/Login/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  WorkingZone.jsp is a jsp page with JSF components.Which can only be invoked with faces context.
  I am using JDBCRealm
  For the valid user I am getting this error------>
  HTTP Status 400 - Invalid direct reference to form login page
  type Status report
  message Invalid direct reference to form login page
  description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
  Please give me the solution.How can I access my jsf page.

  Thank you.
  Marcos
  Hi,
  It should help you:
  http://searchsoftwarequality.techtarget.com/searchAppS
  ecurity/downloads/JSF_ch15.pdf
  Message was edited by:
  syllepsa

• Forcing specific clients or groups to use forms based authentication (FBA) instead of windows based authentication (WIA) with ADFS

  Hi,
  We are have a quite specific issue. The problem is most likely by design in ADFS 3.0 (running on Windows Server 2012 R2) and we are trying to find a "work-around".
  Most users in the organization is using their own personal computer and everything is fine and working as expected, single sign-on (WIA) internally to Office 365 and forms based (FBA) externally (using Citrix NetScaler as reverse proxy and load
  balancing with the correct rewrites to add client-ip, proxy header and URL-transformation).
  The problem occurs for a few (50-100) users where they are sharing the same computer, automatically logged on to the computer using a generic AD-user (same for all of them). This AD-user they are logged on with does not have any access to Office365
  and if they try to access SharePoint Online they receive an error that they can't login (from SharePoint Online, not ADFS).
  We can't change this, they need to have this generic account logged on to these computers. The issue occurs when a user that has access to SharePoint Online tries to access it when logged on with a generic account.
  They are not able to "switch" from the generic account in ADFS / SharePoint Online to their personal account.
  The only way I've found that may work is removing IE as a WIA-capable agent and deploy a User-Agent version string specific to most users but not the generic account.
  My question to you: Is there another way? Maybe when ADFS sees the generic user, it forces forms based authentication or something like that?
  Best regards,
  Simon

  I'd go with your original workaround using the user-agent and publishing a GPO for your normal users that elects to use a user-agent string associated with Integrated Windows Auth.. for the generic accounts, I'd look at using a loopback policy that overwrites
  that user agent setting, so that forms logon is preferred for that subset of users. I don't think the Netscaler here is useful in this capacity as it's a front-end proxy and you need to evaluate the AuthZ rules on the AD FS server after the request has been
  proxied. The error pages in Windows Server 2012 R2 are canned as the previous poster mentioned and difficult to customize (Javascript only)...
  http://blog.auth360.net

• Error re-logging in after session timeout using form-based authentication

  Hello,
  We have a web app configured for form-based authentication. When the session times out, we're redirected to our login page as expected. However, after re-logging in, we are not redirected to the desired page (e.g., /faces/OurMainPage.jspx) but to /afr/page_lev_idle.gif.
  Do we have to do anything special for session timeouts?
  Thanks,
  Rico

  Some extra information that might help:
  After re-logging in and we're in /afr/page_lev_idle.gif, we hit the browser Back button (showing the login page again) and then hit the browser Refresh/Reload button and voila we're at the page we expect to be.
  Rico

• Form based authentication HTTP 403 access forbidden in WL 8.1

  Hi there..
  I found following message posted in April-2004 by Sandeep very useful.
  I also ended up getting the following HTTP 403 Forbidden access error while using Pageflow controller and Form based authentication.
  I noticed 2 things. If you have a normal webapp A, which is a plain old webapp (which does not use pageflow..workshop etc..) then the following error does not occur.
  It only happens with those webapps which utilizes WL 8.1's pageflow features. Note that I am not using nested page flows. I just used 1 pageflow controller and wanted to have the form based login feature for the same.
  BEA's samples on form authentication talks about nested page flows and javax.security.auth.login.FailedLoginException and etc.. are they only applicable to nested pageflows?
  can't I use the same to capture failed login exception within a single controller?
  I tried out putting FailedLoginException exception-handler in Global.app file but it didn't catch it. Only the following work around worked. is this a bug in WL 8.1 workshop? or I am missing something.
  I would appreciate if someone can clear this doubt.
  I am using WL 8.1 with sp3.
  Rajesh
  Hey guys,
  I could find the solution for my problem. Here it is
  We need to add following lines of code in the erro.jsp page.
  <form action"j_security_check>
  ....write the error mesage....
  </form>
  You will get rid of "403 Forbidden page" error.
  Thanks,
  Sandip
  [email protected] (Sandip Atkole) wrote in message news:<[email protected]>...
  I am trying to set up Form-Based Authentication on WebLogic 8.1
  The Problem:
  If the user provides correct userid/password, he gets access to the
  protected resource as required, but if he provides incorrect
  userid/password, he gets a 403 Forbidden page, instead of getting the
  login failure page.
  The Descriptors:
  WEB.XML
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/Login.jsp</form-login-page>
  <form-error-page>/LoginError.jsp</form-error-page>
  </form-login-config>
  </login-config>
  Why doesn't it redirect to "/LoginError.jsp" instead of showing the
  403 Forbidden page?
  Thanks in advance
  Sandip

  It seems like a bug. However when I explicitly reset the error using set status it worked for me. I added following code in my error jsp .
  <%     
       response.setHeader("conent-type","text/html");
       response.setStatus(200);
  %>

• Session expired message in form based authentication

  Hi, i m using JAAS form based authentication on jboss for our application and we want session expired message to show in the login form when it loads for authentication after session expired.
  do any one have any idea how to achive this as the application will never be able to detect that the session expired as it will always have a valid session available becoz ,When an HTTP session expires and the client makes a request to any secured resource, the JAAS subject will not be found for authorization. At this point, the security framework creates a new HTTP session, stores the target URL value in the session, and then redirects the user to the login page. After a successful login process, the user is forwarded back to the target page,
  but our Web applications may need to capture these session expiration events and show some custom message to the user.
  HTTP session listener doesn't work here as HTTP session listener does not allow you to create a new session.
  Thanks in advance

  ObSSOCookie does have session time data. Access Manager SDK can parse the cookie and can access it's own settings for max and idle session time.
  Trick is, once the user is logged out, the cookie is destroyed. I suspect there is no real practical way to do this.
  I have pondered the idea that you could use AJAX to communicate with a service that uses the SDK to return data about current session state - "You have 40 seconds left to get your form filled out, buddy! 39, 38, 37..."
  Oh to have that much free time... ;)
  Mark

• Performing form based authentication with entities

  Hey everyone,
  Im in a major dilemma.Im trying to perform form-based authentication using entities.I have created the entity class from the database,and I used a SLSB to access the bean method via JNDI(when I tried using dependency injection,there was an exception).I also cannot use hibernate as a persistent provider.I used toplink since it is the default in netbeans 5.5.1 and it did not raise any issues.But then,I noticed that toplink is most compatible with the oracle application server,and I use sun java system application server 9.1.I have not been able to successfully perform the authentication.
  here's the code:note,there are still bugs as ive been going back and forth trying to find a solution and also because Ive been working with preexisting code.
  model:
  SLSB
  * userValidationBean.java
  * Created on 26 March 2008, 18:25
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import javax.ejb.Stateless;
  import javax.ejb.Remote;
  import java.util.List;
  import javax.persistence.PersistenceContext;
  import javax.persistence.EntityManager;
  import javax.persistence.Query;
  import Entities.UserTable;
  import javax.transaction.UserTransaction;
  import javax.annotation.Resource;
  //the reason for the many comments is that im still debugging and there are still some bugs.Ive also been trying to go back and forth just
  //to get a solution.
  //the other accompanying classes had preexisting code i wrote earlier.
  * @author Ayo
  @Stateless
  @Remote(userValidationRemote.class)
  public class userValidationBean implements Entities.userValidationRemote {
  @PersistenceContext private EntityManager manager;
  @Resource private javax.transaction.UserTransaction tran;
  /** Creates a new instance of userValidationBean */
  public userValidationBean() {
  //"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
  public boolean checkUser()
  try
  tran.begin();
  UserTable user=new UserTable();
  Query query=manager.createQuery("select u.username,u.password from u.user_table where u.username=:username and u.password=:password");
  /*query.set("username",user.getUsername());
  query.setParameter("password",user.getPassword());*/
  query.setParameter("username",user.getUsername());
  query.setParameter("password",user.getPassword());
  userValidationBean ubean=(userValidationBean)query.getSingleResult();
  boolean result=ubean==null?true:false;
  tran.commit();
  catch(Exception e)
  System.out.println("Error:"+e);
  // boolean result=ubean==null?true:false;
  return result;
  remote interface
  package Entities;
  import javax.ejb.Remote;
  import Entities.UserTable;
  * This is the business interface for userValidation enterprise bean.
  @Remote
  public interface userValidationRemote {
  public boolean checkUser();
  controller:servlet
  * userCheck.java
  * Created on 15 March 2008, 22:41
  package servlets;
  import Entities.UserTable;
  import Entities.userValidationBean;
  import javax.annotation.*;
  import Entities.userValidationRemote;
  import java.io.*;
  import java.net.*;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.ejb.*;
  import javax.naming.*;
  import javax.persistence.*;
  * @author Ayo
  * @version
  public class userCheck extends HttpServlet {
  //@EJB userValidationRemote userRemote;
  boolean checkUser;
  String username,password;
  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
  * @param request servlet request
  * @param response servlet response
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  /*con=null;
  ps=null;
  rs=null;
  s=null;
  */response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  username=request.getParameter("username");
  password=request.getParameter("password");
  if(username==""||password=="")
  //RequestDispatcher de=request.getRequestDispatcher("admin_error.jsp");
  //de.forward(request,response);
  //showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Context ctx=new InitialContext();
  userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
  checkUser= userRemote.checkUser();
  //checkUser= userRemote.checkUser();
  //return;
  //checkUser(UserTable user);
  catch(Exception e)
  out.println("Error:"+e);
  //userValidation.checkUser(UserTable user);
  if(checkUser==true)
  RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
  d.forward(request,response);
  else if(checkUser==false)
  // RequestDispatcher d=request.getRequestDispatcher("admin_error.jsp");
  //d.forward(request,response);
  showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  //call bean(stateless or stateful)which access method on entity that validates.
  // checkUser(request,response);
  /* TODO output your page here
  out.println("<html>");
  out.println("<head>");
  out.println("<title>Servlet userCheck</title>");
  out.println("</head>");
  out.println("<body>");
  out.println("<h1>Servlet userCheck at " + request.getContextPath () + "</h1>");
  out.println("</body>");
  out.println("</html>");
  //out.close();
  /* public synchronized void checkUser(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  if(username==""&&password=="")
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select username,password from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  user=rs.getString(1);
  pass=rs.getString(2);
  //check user type,wether super admin,user or the other subadmins or a regular user.
  checkType(request,response);
  else
  //redirect to admin error page,then close the connection.
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  con.close();
  catch(Exception e)
  private synchronized void checkType(HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select user_type,user_id,access_level from user_table where username=? and password=?");
  ps.setString(1,user);
  ps.setString(2,pass);
  rs=ps.executeQuery();
  if(rs.next())
  user_type=rs.getString(1);
  user_id=""+rs.getInt(2);
  access_level=rs.getString(3);
  if(user_type.equals("super")&&(access_level.equals("all")))
  //create admin user session,add to the username and the user_id.
  //redirect to super admin page,with access rights to create
  //health admin,insurance admin and HMO admin.
  //pretty cool stuff!
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_user_page.jsp");
  dispatcher.forward(request,response);
  //session.setAttribute(user_id);
  //remember to create a hidden field if you need to pass this information
  //to another page and retrieve the super admin id to track his activities.
  else if(user_type.equals("health administrator")&&(access_level.equals("Health")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher des=request.getRequestDispatcher("health_admin_user_page.jsp");
  des.forward(request,response);
  //check for other user types,health admin,hmo admin and insurance admin.
  else if(user_type.equals("hmo administrator")&&(access_level.equals("HMO")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher d=request.getRequestDispatcher("hmo_admin_user_page.jsp");
  d.forward(request,response);
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else if(user_type.equals("insurance administrator")&&(access_level.equals("insurance")))
  HttpSession session=request.getSession(true);
  session.setAttribute("user",user);
  session.setAttribute("user_id",user_id);
  RequestDispatcher de=request.getRequestDispatcher("insurance_admin_user_page.jsp");
  de.forward(request,response);
  else if(user_type.equals("user")&&(access_level.equals("health")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from health_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from health staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  //redirect to user page.
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else if(user_type.equals("user")&&(access_level.equals("HMO")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from hmo_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from HMO staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else if(user_type.equals("user")&&(access_level.equals("insurance")))
  try
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql:http://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select staff_id from user_table where username=?and password=?");
  ps.setString(1,username);
  ps.setString(2,password);
  rs=ps.executeQuery();
  if(rs.next())
  String staff_id=""+rs.getInt(1);
  Class.forName("com.mysql.jdbc.Driver");
  con=DriverManager.getConnection("jdbc:mysql://localhost:3306/Health_Management_System","root","");
  ps=con.prepareStatement("select * from insurance_staff_table where staff_id=?");
  ps.setString(1,staff_id);
  rs=ps.executeQuery();
  if(rs.next())
  //retrieve the values from insurance staff and store them in variables.
  //store important variables in user sessions e.g.staff_id,username,place of work for display in the web page.
  //redirect to required page.
  String first_name=rs.getString("first_name");
  String last_name=rs.getString("last_name");
  String work_place=rs.getString("place_of_work");
  HttpSession session=request.getSession(true);
  session.setAttribute("first_name",first_name);
  session.setAttribute("last_name",last_name);
  session.setAttribute("work_place",work_place);
  session.setAttribute("staff_id",staff_id);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  //catch exception and redirect to page.
  else
  //invalid login details.After all else fails.
  showError("<b><font color=\"red\">Invalid Login details.</font></b>",request,response);
  catch(Exception e)
  private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  request.setAttribute("error_msg",errorMsg);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
  dispatcher.forward(request,response);
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** Handles the HTTP <code>GET</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Handles the HTTP <code>POST</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Returns a short description of the servlet.
  public String getServletInfo() {
  return "Short description";
  // </editor-fold>
  view
  <%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Login</title>
  <style type="text/css">
  <!--
  .style3 {     color: #000000;
       font-family: Arial, Helvetica, sans-serif;
       font-size: 12px;
  .style1 {color: #0000FF}
  .style4 {
       color: #0000FF;
       font-size: 12px;
  .style5 {
       font-size: 12px
  .style6 {
       color: #FF0000;
       font-size: 12px;
  .style7 {
       font-size: 36px
  .style8 {color: #000000}
  -->
  </style>
  </head>
  <body>
  <table width="564" border="0" align="center">
  <tr>
  <td width="558" bgcolor="#CCCCCC" class="style1"><div align="center">
  <p> </p>
  <h1 class="style7">Welcome to HealthPort</h1>
  <p>HealthPort Login</p>
  <p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
  <form id="form1" name="form1" method="post" action="userCheck">
  <p align="right" class="style3">Username
  <label></label>
  <input type="text" name="username" id="username" />
  </p>
  <p align="right" class="style3">Password
  <input type="password" name="password" id="password" />
  </p>
  <p align="right" class="style3">
  <span class="style6">
  <label></label>
  <label></label>
  </span>
  <span class="style5">
  <label></label>
  </span>
  <label>
  <input type="submit" name="button" id="button" value="Login" />
  </label>
  </p>
  <div align="right">
  </div></form>
  <div align="right"><div align="left"><p align="right"> </p>
  </div></div></div></td>
  </tr>
  <tr>
  <td bgcolor="#CCCCCC" class="style1"> </td>
  </tr>
  </table>
  </body>
  </html>
  so,that's about it.I'd appreciate it.I know this is a lot.I'm grateful
  Ayo.

  Hi.Im still having issues trying to perform form based authenticatin with entities.I tried this method but im getting errors on the marked lines.
  controller servlet
  * userCheck.java
  * Created on 15 March 2008, 22:41
  package servlets;
  import Entities.UserTable;
  import Entities.userValidationBean;
  import javax.annotation.*;
  import Entities.userValidationRemote;
  import java.io.*;
  import java.net.*;
  import java.sql.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.ejb.*;
  import javax.naming.*;
  import javax.persistence.*;
  * @author Ayo
  * @version
  public class userCheck extends HttpServlet {
  //@EJB userValidationRemote userRemote;
  boolean checkUser;
  String username,password;
  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
  * @param request servlet request
  * @param response servlet response
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  /*con=null;
  ps=null;
  rs=null;
  s=null;
  */response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  username=request.getParameter("username");
  password=request.getParameter("password");
  if(username==""||password=="")
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  try
  Context ctx=new InitialContext();
  userValidationRemote userRemote=(userValidationRemote)ctx.lookup("Entities.userValidationRemote");
  (error on this line-saying ')' expected and no matter if i add ) there is still erro)userRemote.authenticate(String p_user,String p_password);
  catch(Exception e)
  out.println("Error:"+e);
  if(checkUser==true)
  RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
  d.forward(request,response);
  else if(checkUser==false)
  showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  request.setAttribute("error_msg",errorMsg);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
  dispatcher.forward(request,response);
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** Handles the HTTP <code>GET</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Handles the HTTP <code>POST</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Returns a short description of the servlet.
  public String getServletInfo() {
  return "Short description";
  // </editor-fold>
  view
  <%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Login</title>
  <style type="text/css">
  <!--
  .style3 {     color: #000000;
       font-family: Arial, Helvetica, sans-serif;
       font-size: 12px;
  .style1 {color: #0000FF}
  .style4 {
       color: #0000FF;
       font-size: 12px;
  .style5 {
       font-size: 12px
  .style6 {
       color: #FF0000;
       font-size: 12px;
  .style7 {
       font-size: 36px
  .style8 {color: #000000}
  -->
  </style>
  </head>
  <body>
  <table width="564" border="0" align="center">
  <tr>
  <td width="558" bgcolor="#9DACBF" class="style1"><div align="center">
  <p> </p>
  <h1 class="style7">Welcome to HealthPort</h1>
  <p>HealthPort Login</p>
  <p><span class="style8">Today's date is:<%= new java.util.Date() %></span></p>
  <form id="form1" name="form1" method="post" action="userCheck">
  <p align="right" class="style3">Username
  <label></label>
  <input type="text" name="username" id="username" />
  </p>
  <p align="right" class="style3">Password
  <input type="password" name="password" id="password" />
  </p>
  <p align="right" class="style3">
  <span class="style6">
  <label></label>
  <label></label>
  </span>
  <span class="style5">
  <label></label>
  </span>
  <label>
  <input type="submit" name="button" id="button" value="Login" />
  </label>
  </p>
  <div align="right">
  </div></form>
  <div align="right"><div align="left"><p align="right"> </p>
  </div></div></div></td>
  </tr>
  <tr>
  <td bgcolor="#CCCCCC" class="style1"> </td>
  </tr>
  </table>
  </body>
  </html>
  SLSB (implements userValidationRemote)
  * userValidationBean.java
  * Created on 26 March 2008, 18:25
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import javax.ejb.Stateless;
  import javax.ejb.Remote;
  import javax.persistence.PersistenceContext;
  import javax.persistence.EntityManager;
  import javax.persistence.Query;
  import Entities.UserTable;
  import javax.annotation.*;
  //import javax.transaction.UserTransaction;
  * @author Ayo
  @Stateless(mappedName="ejb/facade/userValidationBean")
  @Remote(userValidationRemote.class)
  (error on this line saying can't find class TransactionManagement)@TransactionManagement(value=TransactionManagementType.CONTAINER)
  public class userValidationBean implements Entities.userValidationRemote {
  @PersistenceContext(unitName="HealthInsuranceApp-ejbPU") private EntityManager manager;
  /** Creates a new instance of userValidationBean */
  public userValidationBean() {
  //"SELECT u.username,u.password FROM UserTable u WHERE u.username =?1 and u.password=?2"
  public boolean authenticate(String p_user,String p_password)
  UserTable m_user=manager.find(UserTable.class,p_user);
  if(m_user!=null)
  return m_user.getPassword().equals(p_password);
  return false;
  Entity
  * UserTable.java
  * Created on 29 March 2008, 13:24
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import java.io.Serializable;
  import javax.persistence.Column;
  import javax.persistence.Entity;
  import javax.persistence.Id;
  import javax.persistence.Table;
  * Entity class UserTable
  * @author Ayo
  @Entity(name="qs_UserPwd")
  @Table(name = "user_table")
  public class UserTable implements Serializable {
  @Id
  @Column(name = "user_id", nullable = false)
  private Integer userId;
  @Column(name = "username")
  private String username;
  @Column(name = "password")
  private String password;
  @Column(name = "user_type")
  private String userType;
  @Column(name = "access_level")
  private String accessLevel;
  @Column(name = "staff_id")
  private Integer staffId;
  @Column(name = "staff_type", nullable = false)
  private String staffType;
  @Column(name = "time_created")
  private String timeCreated;
  @Column(name = "time_modified")
  private String timeModified;
  @Column(name = "time_logged_in")
  private String timeLoggedIn;
  @Column(name = "time_logged_out")
  private String timeLoggedOut;
  @Column(name = "created_by")
  private String createdBy;
  /** Creates a new instance of UserTable */
  public UserTable() {
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  public UserTable(Integer userId) {
  this.userId = userId;
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  * @param staffType the staffType of the UserTable
  public UserTable(Integer userId, String staffType) {
  this.userId = userId;
  this.staffType = staffType;
  public UserTable(String p_user,String p_password)
  setUsername(p_user);
  setPassword(p_password);
  * Gets the userId of this UserTable.
  * @return the userId
  public Integer getUserId() {
  return this.userId;
  * Sets the userId of this UserTable to the specified value.
  * @param userId the new userId
  public void setUserId(Integer userId) {
  this.userId = userId;
  * Gets the username of this UserTable.
  * @return the username
  public String getUsername() {
  return this.username;
  * Sets the username of this UserTable to the specified value.
  * @param username the new username
  public void setUsername(String p_user) {
  p_user = username;
  * Gets the password of this UserTable.
  * @return the password
  public String getPassword() {
  return this.password;
  * Sets the password of this UserTable to the specified value.
  * @param password the new password
  public void setPassword(String p_password) {
  p_password=password;
  * Gets the userType of this UserTable.
  * @return the userType
  public String getUserType() {
  return this.userType;
  * Sets the userType of this UserTable to the specified value.
  * @param userType the new userType
  public void setUserType(String userType) {
  this.userType = userType;
  * Gets the accessLevel of this UserTable.
  * @return the accessLevel
  public String getAccessLevel() {
  return this.accessLevel;
  * Sets the accessLevel of this UserTable to the specified value.
  * @param accessLevel the new accessLevel
  public void setAccessLevel(String accessLevel) {
  this.accessLevel = accessLevel;
  * Gets the staffId of this UserTable.
  * @return the staffId
  public Integer getStaffId() {
  return this.staffId;
  * Sets the staffId of this UserTable to the specified value.
  * @param staffId the new staffId
  public void setStaffId(Integer staffId) {
  this.staffId = staffId;
  * Gets the staffType of this UserTable.
  * @return the staffType
  public String getStaffType() {
  return this.staffType;
  * Sets the staffType of this UserTable to the specified value.
  * @param staffType the new staffType
  public void setStaffType(String staffType) {
  this.staffType = staffType;
  * Gets the timeCreated of this UserTable.
  * @return the timeCreated
  public String getTimeCreated() {
  return this.timeCreated;
  * Sets the timeCreated of this UserTable to the specified value.
  * @param timeCreated the new timeCreated
  public void setTimeCreated(String timeCreated) {
  this.timeCreated = timeCreated;
  * Gets the timeModified of this UserTable.
  * @return the timeModified
  public String getTimeModified() {
  return this.timeModified;
  * Sets the timeModified of this UserTable to the specified value.
  * @param timeModified the new timeModified
  public void setTimeModified(String timeModified) {
  this.timeModified = timeModified;
  * Gets the timeLoggedIn of this UserTable.
  * @return the timeLoggedIn
  public String getTimeLoggedIn() {
  return this.timeLoggedIn;
  * Sets the timeLoggedIn of this UserTable to the specified value.
  * @param timeLoggedIn the new timeLoggedIn
  public void setTimeLoggedIn(String timeLoggedIn) {
  this.timeLoggedIn = timeLoggedIn;
  * Gets the timeLoggedOut of this UserTable.
  * @return the timeLoggedOut
  public String getTimeLoggedOut() {
  return this.timeLoggedOut;
  * Sets the timeLoggedOut of this UserTable to the specified value.
  * @param timeLoggedOut the new timeLoggedOut
  public void setTimeLoggedOut(String timeLoggedOut) {
  this.timeLoggedOut = timeLoggedOut;
  * Gets the createdBy of this UserTable.
  * @return the createdBy
  public String getCreatedBy() {
  return this.createdBy;
  * Sets the createdBy of this UserTable to the specified value.
  * @param createdBy the new createdBy
  public void setCreatedBy(String createdBy) {
  this.createdBy = createdBy;
  * Returns a hash code value for the object. This implementation computes
  * a hash code value based on the id fields in this object.
  * @return a hash code value for this object.
  @Override
  public int hashCode() {
  int hash = 0;
  hash += (this.userId != null ? this.userId.hashCode() : 0);
  return hash;
  * Determines whether another object is equal to this UserTable. The result is
  * <code>true</code> if and only if the argument is not null and is a UserTable object that
  * has the same id field values as this object.
  * @param object the reference object with which to compare
  * @return <code>true</code> if this object is the same as the argument;
  * <code>false</code> otherwise.
  @Override
  public boolean equals(Object object) {
  // TODO: Warning - this method won't work in the case the id fields are not set
  if (!(object instanceof UserTable)) {
  return false;
  UserTable other = (UserTable)object;
  if (this.userId != other.userId && (this.userId == null || !this.userId.equals(other.userId))) return false;
  return true;
  * Returns a string representation of the object. This implementation constructs
  * that representation based on the id fields.
  * @return a string representation of the object.
  @Override
  public String toString() {
  return "Entities.UserTable[userId=" + userId + "]";
  please what do I do? or is there a better way? seems like my appserver(sun java system app server 9.1)doesnt support dependency injection as
  there's always an exception in the server log when i try it.i use the default transaction provider toplink because use of any of the others raises an exception and my application index page never shows. please i need help? I want to be able to succesfully perform this authentication as its the only way i can move to the next level
  Ayo.

• FORM based authentication

  Hi,
  I'm using Oracle JDeveloper 9.0.3 with the embedded oc4j. I have configured for simple FORM based authentication by storing username/password in the principals.xml file.
  I am presented with the login form correctly when I try to access a protected resource, but my username/password is always rejected (I'm redirected to the error page after trying to log-in). Can someone pls help??
  The relevant portions of the contents of the deployment descriptor files that I'm using:
  principals.xml
  <principals>
  <groups>
  <group name="securegroup">
  <description>secureusers</description>
  </group>
  </groups>
  <users>
  <user username="testuser" password="test">
  <description>test user </description>
  <group-membership group="securegroup" />
  </user>
  </users>
  </principals>
  web.xml
  <web-app>
  <security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
  <web-resource-name>Protected Area</web-resource-name>
  <!-- Define the context-relative URL(s) to be protected -->
  <url-pattern>*</url-pattern>
  <!-- If you list http methods, only those methods are protected -->
  </web-resource-collection>
  <auth-constraint>
  <!-- Anyone with one of the listed roles may access this area -->
  <role-name>role1</role-name>
  </auth-constraint>
  </security-constraint>
  <!-- Default login configuration uses form-based authentication -->
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
  <form-login-page>login.jsp</form-login-page>
  <form-error-page>error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <!-- Security roles referenced by this web application -->
  <security-role>
  <role-name>role1</role-name>
  </security-role>
  </web-app>
  orion-application.xml
  <orion-application>
  <security-role-mapping name="role1">
  <group name="securegroup" />
  </security-role-mapping>
  </orion-application>
  application.xml (stored in my D:\JDeveloper\jdev\MyProj\MyProject\WEB-INF\src\META-INF folder)
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
  <application>
  <security-role-mapping name="role1">
  <group name="securegroup" />
  </security-role-mapping>
  </application>

  REPOST
  <br><br>
  Keywords: form-login, principals.xml, embedded OC4J, authentication
  <p>
  Please see http://forums.oracle.com/forums/message.jsp?id=1266989
  <p>
  The provided link does not work.<br><br>
  In the application.xml of the OC4j config folder I have comemnted out the: <br> <jazn provider="XML" location="./jazn-data.xml"/>
  and added my roles mappings from web.xml :<br>
       <security-role-mapping name="OES_admin">
            <group name="administrators"/>
       </security-role-mapping>
  <p>
  plus in proncipals.xml have created an entry for my test user:<p>
            <user username="testusr" password="test">
                 <description>Just me</description>
                 <group-membership group="users" />
                 <group-membership group="guests" />
                 <group-membership group="administrators" />
            </user>
  <p>
  And still cannot run Form-authentication from inside jdeveloper .... authentication runs fine when the app is deployed to Tomcat5
  <p>
  Help Please, I'm using jdev 10.1.2.0
  Message was edited by:
  omar71

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• Does weblogic 5.1 support form based authentication of servlets

            Hi,
            Does weblogic 5.1 support form based authentication?
            If yes is any setup need to be done?
            <HTML>
            <BODY>
            This is a test for form based authentication
            <FORM action="j_security_check">
            <input type="j_name" value="hi">
            <input type="j_password" value="hi">
                 <input type="submit" value="hi">
            </FORM>
            </BODY>
            </HTML>
            If i submit a form to j_security_check, weblogic throws "404 file not found error".
            thanks
            

            you must add this to yor web.xml file:
            <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>LDAPRealm</realm-name>
            <form-login-config>
            <form-login-page>/logon.jsp</form-login-page>
            <form-error-page>/logonerror.jsp</form-error-page>
            </form-login-config>
            </login-config>
            greetings
            "Cameron Purdy" <[email protected]> wrote:
            >Yes. You have to specify in web.xml per spec.
            >
            >Peace,
            >
            >--
            >Cameron Purdy
            >Tangosol, Inc.
            >http://www.tangosol.com
            >+1.617.623.5782
            >WebLogic Consulting Available
            >
            >
            >"antony" <[email protected]> wrote in message
            >news:[email protected]...
            >>
            >>
            >> Hi,
            >>
            >> Does weblogic 5.1 support form based authentication?
            >> If yes is any setup need to be done?
            >>
            >> <HTML>
            >> <BODY>
            >> This is a test for form based authentication
            >> <FORM action="j_security_check">
            >> <input type="j_name" value="hi">
            >> <input type="j_password" value="hi">
            >> <input type="submit" value="hi">
            >> </FORM>
            >> </BODY>
            >> </HTML>
            >>
            >> If i submit a form to j_security_check, weblogic throws "404 file not
            >found error".
            >>
            >> thanks
            >>
            >
            >
            

• Form based authentication problem

  Hi people, im new here. Im working on a small application and i have decided to work with Form Based authentication. Theres a index page in the root that redirect to welcome page but when i try to Run the first page im getting this exception.
  javax.servlet.jsp.JspException: Cannot find FacesContext at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:427) at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java:125) at infrastructure.login._jspService(_login.java:53)
  I have been searching for a while in the web but i couldnt find anything that fix the problem. Can anybody give me a hand with this? The version of Jdeveloper is 10.1.3.2. Here are the web.xml file and index.jsp
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>CpxFileName</param-name>
  <param-value>userinterface.DataBindings</param-value>
  </context-param>
  <filter>
  <filter-name>adfFaces</filter-name>
  <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <jsp-config/>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>todoLider</web-resource-name>
  <url-pattern>/faces/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>lider</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>infrastructure/login.jsp</form-login-page>
  <form-error-page>infrastructure/error.jsp</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>lider</role-name>
  </security-role>
  <security-role>
  <role-name>auxiliar</role-name>
  </security-role>
  <security-role>
  <role-name>docente</role-name>
  </security-role>
  <security-role>
  <role-name>veedor</role-name>
  </security-role>
  <security-role>
  <role-name>estudiante</role-name>
  </security-role>
  <ejb-local-ref>
  <ejb-ref-name>ejb/local/AsigFacade</ejb-ref-name>
  <ejb-ref-type>Session</ejb-ref-type>
  <local>datamodel.model.AsigFacadeLocal</local>
  <ejb-link>AsigFacade</ejb-link>
  </ejb-local-ref>
  </web-app>
  index.jsp
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
  "http://www.w3.org/TR/html4/loose.dtd">
  <%@ page contentType="text/html;charset=windows-1252"%>
  <html>
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"/>
  <title>index</title>
  </head>
  <body><%response.sendRedirect("faces/app/welcome.jsp");%></body>
  </html>

  Servlet mapping for the Faces Servlet is
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  Is the input.jsp run by specifying the url in the browser?
  Run input.jsp with right-click>Run
  The url should include /faces/