Skip to Content
1
Aug 01, 2007 at 08:47 PM

FORM based authentication not working, still giving me a pop-up box...

13 Views

Hi All,

I have a Java application deployed on Web AS 7.0 Java and I need to use a logon module stack for authentication. Right now I have a logon module stack defined in Visual Admin Security Provider associated with the deployed app's component. It uses the BasicPasswordLoginModule, and in the web.xml file I have the auth-method set as BASIC. So when you try to hit the URL of the App, a dialogue box pops up asking for username and password, after you enter the data and hit on, it gives you access to the App.

However, I now need to change it so that rather than a pop-up box it uses an html form to get the username and password. From what I can tell, all I need to do is change the auth-method in web.xml to FORM rather than BASIC and provide the filenames for a login and error html page.

I made the changes I though were needed, but it still pops up the dialogue box rather than taking me to the login.html page when I try to access the appliucation.

Since FORM based authentication uses the BasicPasswordLoginModule I shouldn't have to change anything in Vis. Adm. right? Are there any other steps for using a form rather than the default pop-up box with the BasicPasswordLoginModule? Where should the html files be located, can they be within the secured directory of the application?

Here's a copy of the web.xml. If anybody has any ideas please let me know.

<?xml version="1.0" encoding="UTF-8"?>

<web-app>

<display-name>Online HR Contact Center</display-name>

<!-- Action Servlet Configuration -->

<servlet>

<servlet-name>action</servlet-name>

<servlet-class>com.ahrs.ohrcc.arch.base.OHRCCActionServlet</servlet-class>

<init-param>

<param-name>application</param-name>

<param-value>test.struts.MessageResources</param-value>

</init-param>

<init-param>

<param-name>mapping</param-name>

<param-value>org.apache.struts.action.RequestActionMapping</param-value>

</init-param>

<init-param>

<param-name>config</param-name>

<param-value>/WEB-INF/struts-config.xml</param-value>

</init-param>

<init-param>

<param-name>debug</param-name>

<param-value>2</param-value>

</init-param>

<load-on-startup>2</load-on-startup>

</servlet>

<!-- Action Servlet Mapping -->

<servlet-mapping>

<servlet-name>action</servlet-name>

<url-pattern>/pages/*</url-pattern>

</servlet-mapping>

<!-- Struts Tag Library Descriptors -->

<security-role>

<description>Everyone</description>

<role-name>Everyone</role-name>

</security-role>

<security-constraint>

<web-resource-collection>

<web-resource-name>General access restriction</web-resource-name>

<url-pattern>/pages/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<description>EveryoneHR</description>

<role-name>Everyone</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>NONE</transport-guarantee>

</user-data-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name>Realm1</realm-name>

<form-login-config>

<form-login-page>login.html</form-login-page>

<form-error-page>error.html</form-error-page>

</form-login-config>

</login-config>

</web-app>