Hi,
I cant seem to get FORM based auth to work.
Here's what I've done:
1) In my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>USERS</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>oracleRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/fail_login.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description />
<role-name>USERS</role-name>
</security-role>
2) In GlassFish I made the secutiry realm "oracleRealm" and refer to the connection pool "oracle". This connection pool I can ping, so I guess its working. The security realm has the digest algorithm MD5, so I've put a MD5 password in my database.
3) Here's my login html:
<form method="POST" action="j_security_check">
<table>
<tr><th>Username</th><th>Password</th></tr>
<tr><td><input type="text" name="j_username"></td><td><input type="password" name="j_password"></td></tr>
</table>
<input type="submit" />
</form>
4) I've also put an sub-web.xml in WEB-INF:
<sun-web-app>
<security-role-mapping>
<role-name>USERS</role-name>
<group-name>USERS</group-name>
</security-role-mapping>
</sun-web-app>
I always get this: Cannot validate user [marcel] for JDBC realm.|#]
In my Oracle database statistics I cannot see any query to the table groups or user.
What am I missing here? Any way for me to debug this? Can I switch to BASIC auth just to get some more info?
I'm really lost here.
[Message sent by forum member 'marcelkoopman' (marcelkoopman)]
http://forums.java.net/jive/thread.jspa?messageID=290502