I'm trying to implement a CustomAuthentication class for a web-app. I've
implemented allaire.jrun.security.AuthenticationInterface and set:
authentication.service=burlapAuth
authentication.burlapAuth.class=com.iguanastudios.burlap.security.JRunAuthen
tication
in the local.properties for the server.
It doesn't seem like the authenticate(HttpServletRequest request, String
username, String password) or isPrincipalInRole(Principal p, String role)
methods are ever being called though. In init() I have a System.out.println
which is working, however the System.out.println statements in authenticate
and isPrincipalInRole are never called. When I try to access a protected
resource, I am never granted access or redirected to the error page I set in
web.xml, I simply get a 405 error from IIS (I am running IIS 5 on Windows
2000 and JRun 3.1rc1), though NT has the folder set to grant access to
everyone. Only the web.xml file sets the security. It looks like this:
<web-app>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>default-app</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<description>Administrative Section</description>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Any ideas?
--jim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
