CODEWITHSUNDEEP
javaglassfish-3netbeans-7j-security-check
LDJ
LDJ

Reputation: 7304

Java forms auth with j_security_check and Glassfish

I'm dipping my toe into the murky waters of Java and I'm working through the PackPub JavaEE 6 With Netbeans7 book . One of the early examples is forms authentication which involves setting up deployment descriptor (web.xml) with a security role 'admin' and a constraint. It then walks you through getting the Glassfish descriptor by assigning these roles to new groups and then using the Glassfish console to create new users in these groups.

When I try and access a page inside this protected page I'm presented with the login page as expected, but my login does not work. Even though I know I am putting in valid credentials created in the glassfish console, I still get my login error page (rendered on the j_security_check URL).

The login page is as basic as it comes:

    <%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Log in to view secure content</title>
    </head>
    <body>
        <h1>Log in</h1>
        <form action="j_security_check" method="POST">
            <table border="0">
                <tbody>
                    <tr>
                        <td slign="right">Username: &nbsp;</td>
                        <td><input type="text" name="j_username" value="" /></td>
                    </tr>
                    <tr>
                        <td slign="right">Password: &nbsp;</td>
                        <td><input type="password" name="j_password" value="" /></td>
                    </tr>
                    <tr>
                        <td></td>
                        <td><input type="submit" value="Login" /></td>
                    </tr>
                </tbody>
            </table>

        </form>
    </body>
</html>

I've not configured something, and its probably something really basic, but the book doesn't help with issues such as this so wondered if I could get some pointers on where to start debugging or diagnosing this problem.

My web.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>
        <display-name>Admin Pages</display-name>
        <web-resource-collection>
            <web-resource-name>Administrative pages</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>Admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>file</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginerror.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Administrators</description>
        <role-name>Admin</role-name>
    </security-role>
    <security-role>
        <description>public user</description>
        <role-name>User</role-name>
    </security-role>
</web-app>

glassfish-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
  <security-role-mapping>
    <role-name>Admin</role-name>
    <group-name>Admin</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

I've double checked that in the Glassfish console, I'm editing

Configuartions|Security|Realms|file

and that my new user has a Group list of 'Admin'

Thanks

Upvotes: 0

Views: 7583

Answers (2)

Andre Lopes
Andre Lopes

Reputation: 129

Yeah. About 2 years ago, but I had the same problem and founded the solution. Although i had installed the correct version of Netbeans (7.0) and the correct version of jdk (1.6.0_45) to follow the book, Netbeans come shipped with glassfish 3.1. So what I've done is remove the glassfish server from Netbeans, uninstalled it, and installed glashfish 3.0.1, so now my example works perfectly. Don't forget to execute Netbeans as system administrator.

Upvotes: 0

Luis Ramirez-Monterosa
Luis Ramirez-Monterosa

Reputation: 2242

are you using a custom login page?

if you configured all the stuff also take a look on your login page you should have something like

<form method="POST" action="j_security_check">
    <input type="submit">
    <!-- more code -->
</form>

try with 

<login-config>    
  <auth-method>BASIC</auth-method>    
  <realm-name>file</realm-name>  
</login-config>

Upvotes: 0

Related Questions