I'm having an unrelated problem with custom authentication. I authenticate
against an LDAP database, but I get weird behaviour from JRun. When I enter
the username/password, one of these happens:
- JRun seems to go to sleep (when submitting the login form, the little IE
logo keeps spinning). After this, if I requested my page again, I can get
into the application (so the authentication worked).
- JRun dumps me to the login error page straightaway even though my
credentials were correct.
- Sometimes, it works correctly.
I have verifed that the LDAP authentication is working correctly and
returning straightaway. Has anyone else seen these symptoms or know of
things I could try?
Perhaps if you have written a custom authentication class you could mail the
source to me so I can see if I am doing something wrong?
Thanks,
Hamish
-----Original Message-----
From: Moore, Jim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 1:21 PM
To: JRun-Talk
Subject: RE: custom authentication
so i found the problem. It appears that is IIS 5, you can't post directly to
a folder with a default document and since the action of the form post is
"j_security_check", IIS interprets that as a folder. To work around it, I
had to post to a jsp that forwards the request to j_security_check through a
RequestDispatcher.
For more info:
http://support.microsoft.com/view/viewtn.asp?kb=247536&prd=iis&sbp=&pver=5.0
&pid=&ID=405&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=
--jim
-----Original Message-----
From: Moore, Jim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 11:16 AM
To: JRun-Talk
Subject: custom authentication
I'm trying to implement a CustomAuthentication class for a web-app. I've
implemented allaire.jrun.security.AuthenticationInterface and set:
authentication.service=burlapAuth
authentication.burlapAuth.class=com.iguanastudios.burlap.security.JRunAuthen
tication
in the local.properties for the server.
It doesn't seem like the authenticate(HttpServletRequest request, String
username, String password) or isPrincipalInRole(Principal p, String role)
methods are ever being called though. In init() I have a System.out.println
which is working, however the System.out.println statements in authenticate
and isPrincipalInRole are never called. When I try to access a protected
resource, I am never granted access or redirected to the error page I set in
web.xml, I simply get a 405 error from IIS (I am running IIS 5 on Windows
2000 and JRun 3.1rc1), though NT has the folder set to grant access to
everyone. Only the web.xml file sets the security. It looks like this:
<web-app>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>default-app</web-resource-name>
<url-pattern>/admin/*</url-pattern>
<description>Administrative Section</description>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Any ideas?
--jim
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
