Require Login (Form based)

Hi all,
I want to control my website so that all pages require a logged in user, some pages are only visible for certain roles. In the web.xml description there is a remark for the <login-config> element:
If this element is present, the user must be authenticated in order to access any resource that is constrained by a <security-constraint> defined in the Web application. Once authenticated, the user can be authorized to access other resources with access privileges.
one for all pages:
<security-constraint>
<web-resource-collection>
<web-resource-name>all pages</web-resource-name>
<description>desc</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
one with restriction for roles:
<security-constraint>
<web-resource-collection>
<web-resource-name>role rescricted</web-resource-name>
<description>...</description>
<url-pattern>/control/requirements/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>aRoleName</role-name>
</auth-constraint>
</security-constraint>
my <login-config> element:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/control/Login</form-login-page>
<form-error-page>/control/Login</form-error-page>
</form-login-config>
</login-config>
The role restriction works fine. But also a user who is not logged in, can access the other pages and is not redirected to the login page.
Any ideas??

The Security-constraint for "all pages" doesn't specify an auth-constraint ie no role. I think that the default role is applied ie "Anonymous" which is everyone in the special group called "everyone" which course includes all not logged in users.
create a role in your weblogic.xml called Users and make it contain the principal "users" which is a default group of all authenticated users.
Then add the role "Users" to the "all pages" constraint, it will force an authentication.
for info on default groups see:
http://e-docs.bea.com/wls/docs81/secwlres/usrs_grps.html#1179347
Note that if you create your own Authentication Provider you should probably make it add the WLSGroup principal "everyone" an "users" as well as other groups when a user sucessfully logs in. NB the groupname "everyone" is not guaranteed and you should get the principal name of the everyone group from API:
weblogic.security.WLSPrincipals.getEveryoneGroupname() or
weblogic.security.WLSPrincipals.getUsersGroupname()
cheers
Karl

Similar Messages

Form based authentication very slow

Hi,
We are facing problem in form based login authentication. Any application having a form based authentication is taking too much time.
We are running SAP J2EE Server 6.40 with SP16.
The database and the J2EE server are in a single machine.
The basic authentication does not show up any problem.
The form based takes up too much amount of time but does go through.
What can be the problem?
Regards,
Ameya

Hi Ameya,
if form based authentication is working fine for you then please send me complete step by step procedure or any document if you have any as i configured everything required for form based authentication and when i provide any of the .jsp page in the url i am not getting the login page. please help me as soon as possible

Form based Login

Im trying to add form based logon in my application and have been running into trouble with it. I get to my logon screen and when I enter the information I get the following error from GlassFish:
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /j_security_check POST)
[Web-Security] hasUserDataPermission isGranted: true
Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
Logging in user [Doug] into realm: Realm using JAAS module: jdbcRealm
Login module initialized: class com.sun.enterprise.security.auth.login.JDBCLoginModule
SEC1112: Cannot validate user [Doug] for JDBC realm, reason: com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'User'.
Cannot validate user
com.microsoft.sqlserver.jdbc.SQLServerException: Invalid object name 'User'.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(Unknown Source)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeQuery(Unknown Source)
at com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm.isUserValid(JDBCRealm.java:324)
at com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm.authenticate(JDBCRealm.java:299)
at com.sun.enterprise.security.auth.login.JDBCLoginModule.authenticate(JDBCLoginModule.java:72)
at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:184)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:295)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:170)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:123)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:479)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:253)
at org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:1011)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:622)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
JAAS authentication aborted.
SEC5046: Audit: Authentication refused for [Doug].
doPasswordLogin fails
javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:295)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:170)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:123)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:479)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:253)
at org.apache.catalina.authenticator.AuthenticatorBase.processSecurityCheck(AuthenticatorBase.java:1011)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:622)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
... 35 more
Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /loginError.jsp GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission /images/signon_error_box.jpg GET)
[Web-Security] hasUserDataPermission isGranted: true
[Web-Security] Policy Context ID was: Admin/Admin
[Web-Security] hasResource isGranted: true
[Web-Security] hasResource perm: (javax.security.jacc.WebResourcePermission /images/signon_error_box.jpg GET)
This is the code I put in web.xml
<security-constraint>
   <display-name>Example Security Constraint</display-name>
   <web-resource-collection>
     <web-resource-name>Secured Area</web-resource-name>
           <description/>
           <url-pattern>*.jsp</url-pattern>
           </web-resource-collection>
   <auth-constraint>
     <role-name>Admin</role-name>
   </auth-constraint>
</security-constraint>
<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>MyRealm</realm-name>
   <form-login-config>
     <form-login-page>/login.jsp</form-login-page>
     <form-error-page>/loginError.jsp</form-error-page>
   </form-login-config>
</login-config>
   <error-page>
   <error-code>403</error-code>
   <location>/loginError.jsp</location>
</error-page>I have login.jsp and loginError.jsp and login.jsp contains:
<form action="j_security_check" method="POST">
               Username: <input type="text" name="j_username" value="" size="15" /><br/><br/>
               Password: <input type="password" name="j_password" value="" size="15" /><br/><br/>
               <input type="submit" value="Login" />
               </form>I created a User table and a Roles table in my database using SQL
User
username varchar NOT NULL
userpass varchar NOT NULL
Roles
username varchar NOT NULL
rolename varchar NOT NULL
created my own Realm called MyReal and set the settings to match the database tables and their columns
the class name is set to: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS context: jdbcRealm
JNDI: Required: jdbc/AAADDD
User Table: User
User Name Column: username
Password Column: userpass
Group Table: Roles
Group Name Column: rolename
Assign Group:
Database User: AAADDD
Database Password: AAADDD
Digest Algorithm: md5
Thanks for the help in advance

Is there anyone who can help me with this?

SSL and login form for form based login over ldap

Hello,
i have configured an apache reverse proxy with virtual named host and the the webgate is also running on this server.
On a second server i have configured a webserver with the login form.
Access to the protected ressources is working when i use the following parameters in my Authentication schema
form:/form/login.html
action:/dummy
creds:userid password
ssoCookie:httponly
passthrough:no
SSL Required No
Challenge Redirect http://dummyserver.dummy.org
Changing the SSL required to yes and the url to https has the following result.
After filling out the login form and pressing the submit button "the requested URL /dummy was not found on this server"
Any hints are welcome.
Kind regards

Hi Colin,
Yes the dummy url is protected. Otherwise it should not work when using http.
I assume that i am not redirected back to the origin source. The obSSOCookie should do this in some way, when i remember that correctly.
I can see that the obSSOCokkies are created for both urls but the content is "loggedoutcontinue". Thats the difference to the http communication.
Is there anything else to configure when using SSL with a form based login. Have i missed some basics?
In the documentation it looks really simple - just trning it on - looking for access - and everything works :-)
KR

Form based login, iframes and session time out

Hi all,
I'm trying to create a site using form based login.
The site contains a page protected page, default.jsp that have a logout button/link (clicking it invalidates the session), and a navigation bar with links linking opening them in iframes inside the default.jsp page:
I have also a login.jsp page and and a error.jsp page
Everything works fine I can login, I can logout. My problem occurs when the session times out and the user tries to access protected contents in the internal frames. He then is promted for a new login. The problem is that the login,jsp page now turns up inside the jframe designatet for my contents.
I woud have liked the login page to turn up at the top level i.e. filling the entire browser window (i.e on the same level as the default.jsp page). Is this somehow possible?
Regards
Uno Engborg

Easy answer: use JS to jump out iframe.
Best answer: don't use iframes, but use server side includes like jsp:include. Iframes have too much disadvangages, topping the extremely bad SEO and UX.

How to configure a form based login page with entitlement role

We need to have login page to our portal app.
When using "form based" authentication is it possible to map the security on a
"entitlement role" ?
Our need is to be abled to give direct url acces to some pages of the portal (for
exemple by sending urls like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage")"
by email to portal users) and need a simple mecanism of authentication before
redirecting to the portal page.
Inste

Olivier,
You can't reference WLP visitor roles in weblogic.xml, but you can
reference global roles (created using the WLS console):
- <security-role-assignment>
<role-name>PortalSystemAdministrator</role-name>
<externally-defined />
</security-role-assignment>
-Phil
"Olivier" <[email protected]> wrote in message
news:[email protected]..
>
We need to have login page to our portal app.
When using "form based" authentication is it possible to map the securityon a
"entitlement role" ?
Our need is to be abled to give direct url acces to some pages of theportal (for
exemple by sending urls like"http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_page
Label=mypage")"
by email to portal users) and need a simple mecanism of authenticationbefore
redirecting to the portal page.
Inste

How to get username from Form-based login

I am using form-based login in my web.xml file.
When I attempt to access a protected .jsp page, I get sent to my login page as expected.
When I enter my username/password successfully it forwards me to the .jsp page I was trying to go to, as expected.
From that .jsp page, how do I get the username/password info from the login form? I looked at the session attributes, request attributes, and request parameters, but I don't see anything. Does the form-based authentication remove these variables?
I need the username that is filled out in the login form, so that I can do custom work with it. I cannot ask the user for it again after they login, as that is inefficient and sloppy.

Found it.
request.getUserPrincipal().getName()

Issues with OSSO ,custom login module and form based authentication

Hi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
Anil

Hi:
We are facing issues with OSSO (Oracle Single Sign on ),Our application use the form based
authentication and Custom login module.
Application is going in infinite loop when we we try to login using osso ,from the logs
what I got is looks like tha when we we try to login from OSSO application goes to the login
page and it gets the remote user from request so it forwards it to the home page till now
it is correct behaviour ,but after that It looks like home page find that authentication is
not done and sends it back to the login page and login page again sends it to the home as it
finds that remote user is not null.
Our web.xml form authentication entry looks like this :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/couldnotlogin.jsp</form-error-page>
</form-login-config>
</login-config>
While entry in orion-application.xml has the following entry for custom login :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
</jazn>
Whether If I change the authentication type to BASIC and add the following line
in orion-application.xml will solve the issue :
<jazn provider="XML">
     <property name="custom.loginmodule.provider" value="true" />
<property name="role.mapping.dynamic" value="true" />
<jazn-web-app auth-method="SSO" >
</jazn>
Any help regarding it will be appreciated .
Thanks
Anil

Tomcat problem with form based login

Hi,
I have a page for form-based login, but the problem is that the image and css files dont load on the login page request. What I gather from other discussions is that this is because these are still protected when the page is requested. How do I exclude them from being protected.
Nirav

Hi tolmank,
Earlier I just filtered out the login page and images based on the extension, but now I am trying the second approach i.e. making a protected directory, but my application does not start. When i start it from the tomcat manager, it gives me this error,
FAIL - Application at context path /<app dir> could not be started
<web-resource-collection>
     <web-resource-name><app dir></web-resource-name>
     <url-pattern>/protected/*.jsp</url-pattern>
</web-resource-collection>
<login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
          <form-login-page>Login.jsp</form-login-page>
          <form-error-page>Error.jsp</form-error-page>
     </form-login-config>
</login-config>
what could be wrong?

How to set all required components false in ADF form based on human task?

Hi All,
I'm looking to implement an ADF form based on a human task. There are 2 outputs, Validate and Reject.
On clicking Validate, my form does as expected, evaluates everything that is mandatory and expects these inputs in order to proceed.
However, on reject, my form should overlook anything that's marked as mandatory. How do I go about making the "required" aspects of my form false so that no entries are required in order for me to reject the form.
JDev - 11g.
Any inputs will be appreciated.
Thanks,
Preethi.

Thank you Timo.
This doesn't seem to bypass any of the mandatory components . It still prompts for an entry for those fields. do I need to change the partial submit or any other property?

Custom Login Web Part In SharePoint 2010 Forms Based

Hi ,
Im trying to make Custom Login Web Part In SharePoint 2010 Forms Based , all membership configration is done .
my question is why (Login1.username , Login1.password ) give this error :
login1 does not exist in the current context
protected
void
Login1_Authenticate(object
sender, AuthenticateEventArgs e)
02        {
03            string
membership = "MembershipProvider";
04            string
role = "RoleProvider";
05
06            e.Authenticated
= SPClaimsUtility.AuthenticateFormsUser(new
Uri(SPContext.Current.Web.Url),Login1.UserName,Login1.Password);
07
08            if
(!e.Authenticated) return;
09
10            SecurityToken
token = SPSecurityContext.SecurityTokenForFormsAuthentication(new
Uri(SPContext.Current.Web.Url), membership, role,
Login1.UserName,
Login1.Password);

Error 1 No overload for method 'SecurityTokenForFormsAuthentication' takes 3 arguments
Error 2 The name Wss doesnot exisit in current context
Can anyone give sugeestion please
cant recitfy this error
protected void Login1_Authenticate(object sender,
AuthenticateEventArgs e)
02        {
03            string membership
= "MembershipProvider";
04            string role
= "RoleProvider";
05
06            e.Authenticated
= SPClaimsUtility.AuthenticateFormsUser(newUri(SPContext.Current.Web.Url),Login1.UserName,Login1.Password);
07
08            if (!e.Authenticated) return;
09
10            SecurityToken
token = SPSecurityContext.SecurityTokenForFormsAuthentication(newUri(SPContext.Current.Web.Url),
membership, role,
Login1.UserName,
Login1.Password);

Form Based Authentication without login page

Hi,
i need to use form based authentication in a web page, but without a dedicated login page. So basicly every page will contain a login form in the upper right corner, so the user can login anytime in his browsing session directly from the page he's reading.
I am aware of that the form based authentication config needs a login and a error page.
I need some hints on how this could be implemented so that i dont need them directly. Im quite sure this is possible, if any of you has ideas please share them with me.
dukes are waiting ...

sorry - double posted : http://forum.java.sun.com/thread.jspa?threadID=584579&tstart=0

FORM based login form-error-page

Hi,
I have activated FORM based login for EM (oracle 9iAS on Solaris). So, in web.xml for EMD, I have
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/error/oc4j_error.html</form-error-page>
</form-login-config>
</login-config>
When I login as ias_admin, everything seems fine. However, when I login as any other user (not in ias_admin role), the browser redirects to /emd/console/ias/applicationServer...
Why is the container not redirecting to /emd/error/oc4j_error.html ?
Any input will be truly appreciated. Hopefully I am doing something wrong.
Thanks,
Krishnendu

Hi Frank,
Thanks for your reply. If I have a error page in the FORM login, then the container (according to j2ee specs) should redirect to /emd/oc4j_error.html if I authenticate as a user without administrator privileges.
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/oc4j_error.html</form-error-page>
</form-login-config>
</login-config>
For all other containers (WAS, WebLogic and Sun Application server, Tomcat), it seems to work fine.
Thanks,
Krishnendu

Form based login for KM

Hi,
We have the problem that we get an basic login box when we try to access documents in the KM. (e.g with a link in an eMail)
Is it possible to switch from basic login to form based login for the KM?
If this is possible, how?
Best regards,
Manuel

Good question! On a training server, using /irj/go/km/docs/documents/Public%20Documents/Laptops/Development/Test%20Reports/Performance%20EVO%20N610c%20in%20Network.doc gives the Windows authentication, but http://twdf0399.wdf.sap.corp:50000/irj/go/km/navigation/documents/Public%20Documents/Laptops/Development/Test%20Reports/Performance%20EVO%20N610c%20in%20Network.doc (changing docs to navigation in the URL) gives the form based...

Form Based Authentication in Tomcat, getting login and password

Sorry for my English.
How I can guess login and password strings of an user, from error page (JSP)using "Form Based Authentication of Tomcat"?
I need know it to lock the count each 3 error tries (if login is ok but
password is bad, insteed).
Methods 'getRemoteUser', 'isUserInRole' and 'getUserPrincipal' of
HttpServletRequest interface have this result: If no user has been
authenticated, returns null, false and null respectly. For this reason, they aren't utils for me.
If I don�t know login what user writed, I can't lock his/her count.
Exist solution for this? Thanks

hi i am also facing the same problem. could u please tell me how u overcame the situation ?
u will reallly pull me out of my troubles
thanx in advance
[email protected]

Require Login (Form based)

Similar Messages

Maybe you are looking for