Re: [sipx-dev] Making a second login form?

Fri, 18 Feb 2011 01:35:40 -0800 

Am 18.02.2011 01:29, schrieb Mircea Carasel:



    Does sending the POST request to j_acegi_security_check maybe cause it
    to match the /.* pattern?


I was looking through the code you posted and something and I found in 
your Login.html:


<form action="/sipxconfig/j_acegi_security_check" method="post">

When you make a POST here, IMO it will go to the following acegi filter:

/.*=httpSessionContextIntegrationFilter,authenticationProcessingFilter,digestExceptionTranslationFilter 

(in security.beans.xml, <bean id="filterChainProxy" 
class="org.acegisecurity.util.FilterChainProxy">)



As George noticed, ,authenticationProcessingFilter will direct you to 
the unwanted /Home.html



On the other hand I noticed that you created your own acegi filtering 
entries:

/microsite/.*=httpSessionContextIntegrationFilter,micrositeAuthenticationProcessingFilter,digestExceptionTranslationFilter


If I highlight micrositeAuthenticationProcessingFilter, I see that you 
are correctly defining your redirection when login fails:
<bean id="micrositeAuthenticationProcessingFilter" 
class="org.sipfoundry.sipxconfig.security.SipxAuthenticationProcessingFilter">

<property name="authenticationManager" ref="authenticationManager" />

<property name="authenticationFailureUrl" 
value="/microsite/xhtml/Login.html?error=badCredentials" />

<property name="defaultTargetUrl" value="/microsite/xhtml/Home.html" />
</bean>


Did you try to make a POST to /microsite ? that will redirect you to 
xhtml/Home.html when authentication fails



something like: <form action="/microsite/j_acegi_security_check" 
method="post">


Also you should put:

/microsite/.*=ROLE_LOCATION (didn't find this entry in your 
security.beans.xml)


Hope this helps,
Mircea

    _______________________________________________
    sipx-dev mailing list
    [email protected] <mailto:[email protected]>
    List Archive: http://list.sipfoundry.org/archive/sipx-dev/



Sorry, all that does is return a 404. Doesn't look like 
j_acegi_security_check exists anywhere but /sipxconfig/

_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/






















					Reply via email to