Hi
I'm trying to create custom pages for FORM authentication of a Java web app, but keep getting strange errors. Please could someone point out what I'm doing wrong.
I've created custom pages for login, login-error, password-change, and password-change-error (as per config requirements).
When the user navigates to the web app, they're correctly sent to the login page. Authentication seems to work the first time. Then they log out and are redirected back to the login page. All fine so far. However, when trying to log in again, they're redirected to an error page (HTTP 404).
This is very strange, as the login worked fine the first time, but not the second time. Huh?!?!
Below is sample code (all based on the SAP Help docs):
web-j2ee-engine.xml
<web-j2ee-engine>
  <spec-version>2.4</spec-version>
  <security-role-map>
    <role-name>Administrator</role-name>
    <server-role-name>My Administrators Role</server-role-name>
  </security-role-map>
  <login-module-configuration>
    <password-change-config>
      <login-page>change-password.jsp</login-page>
      <error-page>change-password-error.jsp</error-page>
    </password-change-config>
    <security-policy-domain>/TestWeb</security-policy-domain>
  </login-module-configuration>
</web-j2ee-engine>
web.xml
<web-app>
  <display-name>Test Web App</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>Admin role</description>
    <role-name>Administrator</role-name>
  </security-role>
  <security-constraint>
    <display-name>SecureConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>WebResource</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>Admin protected authorisation</description>
      <role-name>Administrator</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
login.jsp
<%@ page language="java" %>
<html>
  <body>
    <form name="loginForm" method="POST" action="j_security_check">
      Username: <input type="text" name="j_username"><br/>
      Password: <input type="password" name="j_password"><br/>
      <input type="submit" value="submit" />
    </form>
  </body>
</html>
change-password.jsp
<%@ page language="java" %>
<html>
  <body>
    <form name="loginChangePasswordForm" method="POST" action="sap_j_security_check">
      Current Password: <input type="password" name="j_sap_current_password" /><br/>
      New Password: <input type="password" name="j_sap_password" /><br/>
      Confirm New Password: <input type="password" name="j_sap_again" /><br/>
      <input type="submit" value="submit" />
    </form>
  </body>
</html>
logout.jsp
<%@ page language="java" %>
<%
request.getSession().invalidate();
response.sendRedirect("login.jsp");
%>
Any help would be greatly appreciated!
Thanks
Stuart