[jboss-user] [Security & JAAS/JBoss] - LDAP is giving error : Invalid direct reference to form logi

Tue, 19 Aug 2008 22:07:23 -0700 

I am trying to develop a sample application and authenticating it using Apache 
LDAP Server. Here are my enteries for login-config.xml file
<application-policy name="MoITWeb">
  |             <authentication>
  |             <login-module 
code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
  |                 <module-option name="java.naming.factory.initial"> 
  |                     com.sun.jndi.ldap.LdapCtxFactory
  |                     </module-option>
  |                 <module-option name="java.naming.provider.url">
  |                     ldap://localhost:10389/
  |                 </module-option>
  |                 <module-option name="java.naming.security.authentication">
  |                     simple
  |                 </module-option>
  |                             <module-option 
name="java.naming.security.credentials">
  |                                     clear-text password
  |                             </module-option>
  |                 <module-option 
name="principalDNPrefix">uid=</module-option>                    
  |                 <module-option name="principalDNSuffix">
  |                     ,ou=People,dc=example,dc=com
  |                 </module-option>
  |                 <module-option name="rolesCtxDN">
  |                     ou=Roles,dc=example,dc=com
  |                 </module-option>
  |                 <module-option name="uidAttributeID">member</module-option>
  |                 <module-option name="matchOnUserDN">true</module-option>
  |                 <module-option name="roleAttributeID">cn</module-option>
  |                 <module-option 
name="roleAttributeIsDN">false</module-option>
  |                 <module-option name="searchTimeLimit">5000</module-option>
  |                 <module-option 
name="searchScope">ONELEVEL_SCOPE</module-option>
  |             </login-module>
  |         </authentication>
  |     </application-policy>

My web.xml file is this

<web-app>
  |     <welcome-file-list>
  |             <welcome-file>index.jsp</welcome-file>
  |     </welcome-file-list>
  |     <security-constraint>
  |             <display-name>ValidUser</display-name>
  |             <web-resource-collection>
  |                     <web-resource-name>Resources</web-resource-name>
  |                     <url-pattern>/security/success.jsp</url-pattern>
  |                     <http-method>GET</http-method>
  |                     <http-method>POST</http-method>
  |             </web-resource-collection>
  |             <auth-constraint>
  |                     <description>ValidUser</description>
  |                     <!--<role-name>ValidUser</role-name>-->
  |                     <role-name>JBossAdmin</role-name>
  |             </auth-constraint>
  |     </security-constraint>
  |     <security-constraint>
  |             <web-resource-collection>
  |                     <web-resource-name>Setup(admin) 
Section</web-resource-name>
  |                     <description>For all authorized user</description>
  |                     <url-pattern>/security/*</url-pattern>
  |                     <http-method>GET</http-method>
  |                     <http-method>POST</http-method>
  |             </web-resource-collection>
  |             <auth-constraint>
  |                     <description>
  |                             Allow access for both default and enterprise 
users
  |                     </description>
  |                     <role-name>JBossAdmin</role-name>
  |             </auth-constraint>
  |     </security-constraint>
  |     <security-role>
  |             <description>ValidUser</description>
  |             <role-name>JBossAdmin</role-name>
  |     </security-role>
  |     
  |     <login-config>
  |             <auth-method>FORM</auth-method>
  |             <realm-name>MoITWeb</realm-name>
  |             <form-login-config>
  |                     <form-login-page>/security/login.jsp</form-login-page>
  |                     <form-error-page>/security/error.jsp</form-error-page>
  |             </form-login-config>
  |     </login-config>
  |     
  | </web-app>here are my pages
index.jsp
/security/login.jsp
/security/error.jsp
/security/succss.jsp

here is code for login.jsp
<form method="POST" action='<%=response.encodeURL("j_security_check")%>' >
  |   <table cellpadding="2" border="0" cellspacing="0">
  |     <tr>
  |       <td align="right">Username:</td>
  |       <td align="left"><input type="text" name="j_username" size="20"></td>
  |     </tr>
  |     <tr>
  |       <td align="right">Password:</td>
  |       <td align="left"><input type="password" name="j_password" 
size="20"></td>
  |     </tr>
  |     <tr>
  |       <td align="right"><input type="submit" value="Log In"></td>
  |       <td align="left"><input type="reset"></td>
  |     </tr>
  |   </table>
  | </form>

I have set the security domain in jboss-web.xml
as <jboss-web>
  |     <security-domain>java:/jaas/MoITWeb</security-domain>
  | </jboss-web>
Where ever i try to run the application, login page appears. I have give user 
and password, If password is woring I am redirected to error.jsp, but if both 
user name and password are correct server gives an error
Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct 
reference to form login page).

I am trying to solve this issue from last 5 days but unable to find any 
solution.





View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171412#4171412

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171412
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to