RE: custom authentication

Moore, Jim Tue, 01 May 2001 10:53:26 -0700
so i found the problem. It appears that is IIS 5, you can't post directly to
a folder with a default document and since the action of the form post is
"j_security_check", IIS interprets that as a folder. To work around it, I
had to post to a jsp that forwards the request to j_security_check through a
RequestDispatcher.

For more info:

http://support.microsoft.com/view/viewtn.asp?kb=247536&prd=iis&sbp=&pver=5.0
&pid=&ID=405&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=

--jim

-----Original Message-----
From: Moore, Jim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 11:16 AM
To: JRun-Talk
Subject: custom authentication


I'm trying to implement a CustomAuthentication class for a web-app. I've
implemented allaire.jrun.security.AuthenticationInterface and set:

authentication.service=burlapAuth
authentication.burlapAuth.class=com.iguanastudios.burlap.security.JRunAuthen
tication

in the local.properties for the server.

It doesn't seem like the authenticate(HttpServletRequest request, String
username, String password) or isPrincipalInRole(Principal p, String role)
methods are ever being called though. In init() I have a System.out.println
which is working, however the System.out.println statements in authenticate
and isPrincipalInRole are never called. When I try to access a protected
resource, I am never granted access or redirected to the error page I set in
web.xml, I simply get a 405 error from IIS (I am running IIS 5 on Windows
2000 and JRun 3.1rc1), though NT has the folder set to grant access to
everyone. Only the web.xml file sets the security. It looks like this:

<web-app>
   <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
         <form-login-page>/login.jsp</form-login-page>
         <form-error-page>/loginerror.jsp</form-error-page>
      </form-login-config>
   </login-config>
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>default-app</web-resource-name>
         <url-pattern>/admin/*</url-pattern>
         <description>Administrative Section</description>
      </web-resource-collection>
      <auth-constraint>
         <role-name>user</role-name>
      </auth-constraint>
   </security-constraint>
</web-app>

Any ideas?

--jim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: custom authentication

Reply via email to
