You need to set the security-domain used by the web app in the jboss-web.xml
descriptor as described in the JAAS tutorial:
http://www.jboss.org/documentation/HTML/ch11s84.html
----- Original Message -----
From: "Jan Heise" <[EMAIL PROTECTED]>
To: "jboss-user" <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 5:25 AM
Subject: [JBoss-user] help needed with form-based authentification using
jboss 2.2.2 & tomcat 3.2.2
> hi folks,
>
> i'm obviously doing soemthing wrong here. a search through
> the archives didn't present a solution so i have to ask
> you even so i think this has been asked before.
>
> i want to do form-based login for my webapp. securing ejb's
> is not yet needed, controlling who can login to the app is.
>
> <RequestInterceptor className="org.apache.tomcat.request.SimpleRealm"
> debug="0" />
>
> was missing from server.xml in tomcat/conf, instead i found:
>
> <RequestInterceptor
> className="org.jboss.tomcat.security.JBossSecurityMgrRealm" />
>
> i suggested that i do not need a separate jdbcrealm as when
> using only tomcat or am i wrong here?
>
> i just configured my parts in the web.xml:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/docs/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>user</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/login.html</form-login-page>
> <form-error-page>/error.html</form-error-page>
> </form-login-config>
> </login-config>
>
> and as a result i get:
>
> [EmbeddedTomcatSX] User: null is authenticated
> 2001-07-10 01:14:55 - Ctx( /CN_BSC3 ): Exception in: R( /CN_BSC3 +
> /docs/index.jsp + null) - java.lang.NullPointerExcept
> ion
> at
>
org.jboss.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMg
> rRealm.java:113)
> at
>
org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:837
> )
> at
> org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341)
> at
>
org.jboss.tomcat.security.JBossSecurityMgrRealm.authorize(JBossSecurityMgrRe
> alm.java:148)
> at
> org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:855)
> at
>
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:78
> 9)
> at
> org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
> at
>
org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC
> onnectionHandler.java:213)
> at
> org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
> at
> org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
> at java.lang.Thread.run(Unknown Source)
>
> and not the login-page. can anyone please point me in the right direction.
>
> jan
>
> --
> Jan Heise / Tel: +49-170-4803237 / E-Mail: [EMAIL PROTECTED]
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
