Please help! SecurityFilter redirects to login page again...

Discussion in 'Java' started by Peet, Jun 28, 2006.

  1. Peet

    Peet Guest

    Hi All,


    I have a problem around authenticating with SecurityFilter, and can't
    see the reasons...
    Container is Tomcat 5.5.9.
    The problem is:
    After successful authentication, response is the login page again,
    although form-default-page property is a redirect.jsp for
    securityfilter, where I redirect users to the proper role's starting
    page. If I input and send user information again, the redirect works
    properly. Just for the second time... I can't see the reasons... I have

    already used securityfilter, and haven't had this error there.
    I have debugged redirect.jsp, and could see that on the line
    "response.sendRedirect(basePath + "admin/index.jsp")" has run, but the
    result is the login page again..

    When I try to access some resources within the protected area, after
    authentication the redirect is correct.
    The above described error exists only when I try to do a direct login,
    and hope to be redirected to the form-default-page...

    Any idea, please...?


    redirect.jsp's running section:


    <%@ page language="java" import="java.util.*"
    pageEncoding="iso-8859-2"%>
    <%
    String path = request.getContextPath();
    String basePath =
    request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";

    if(request.isUserInRole("admin")){
    response.sendRedirect(basePath + "admin/index.jsp");
    System.out.println(basePath + "admin/index.jsp");

    }else if(request.isUserInRole("modifier")){


    response.sendRedirect(basePath + "modifier/index.jsp");

    }else if(request.isUserInRole("inquirier")){


    response.sendRedirect(basePath + "inquirier/index.jsp");

    }else {


    response.sendRedirect(basePath + "index.jsp");


    }


    %>


    *******************************************************
    securityfilter-config.xml:


    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE securityfilter-config PUBLIC
    "-//SecurityFilter.org//DTD Security Filter Configuration 2.0//EN"
    "http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd">


    <securityfilter-config>


    <!-- security konfiguracio START-->
    <!-- admin resources START-->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Admin
    resources</web-resource-name>
    <description> accessible by authenticated users
    of the
    admin role</description>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
    <description>These roles are allowed
    access</description>
    <role-name>admin</role-name>
    </auth-constraint>
    </security-constraint>
    <!-- admin resources END-->


    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>lm realm</realm-name>
    <form-login-config>
    <form-login-page>/index.jsp</form-login-page>


    <form-error-page>/index.jsp?badpassw=Y</form-error-page>

    <form-default-page>/redirect.jsp</form-default-page>
    </form-login-config>
    </login-config>


    <security-role>
    <description>admin role has access to this web
    application</description>
    <role-name>admin</role-name>
    </security-role>


    <realm
    className="org.securityfilter.realm.catalina.CatalinaRealmAdapter" />


    <realm className="org.apache.catalina.realm.JDBCRealm">
    <realm-param name ="driverName"
    value="com.microsoft.jdbc.sqlserver.SQLServerDriver" />
    <realm-param name ="connectionURL"
    value="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=db_licenceman­ager;User=myuser;Password=mypassword;SelectMethod=cursor"/>

    <realm-param name ="connectionName" value="myuser" />
    <realm-param name ="connectionPassword" value="mypassword"
    />
    <realm-param name ="userTable" value="users" />
    <realm-param name ="userNameCol" value="user_name" />
    <realm-param name ="userCredCol" value="password" />
    <realm-param name ="userRoleTable" value="user_roles" />
    <realm-param name ="roleNameCol" value="role_name" />
    </realm>


    <!-- <realm className="org.apache.catalina.realm.MemoryRealm"
    /> -->


    <!-- security konfiguracio END-->


    </securityfilter-config>


    *******************************************************
    web.xml:


    <?xml version="1.0" encoding="ISO-8859-1" ?>


    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">


    <web-app>
    <!-- filter: securityfilter konfiguracio START-->
    <filter>
    <filter-name>Security Filter</filter-name>


    <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
    <init-param>
    <param-name>config</param-name>

    <param-value>/WEB-INF/securityfilter-config.xml</param-value>
    </init-param>
    <init-param>
    <param-name>validate</param-name>
    <param-value>true</param-value>
    </init-param>
    </filter>


    <!-- map all requests to the SecurityFilter, control what it
    does with
    configuration settings -->
    <filter-mapping>
    <filter-name>Security Filter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- filter: securityfilter konfiguracio END-->
    <servlet>
    <servlet-name>action</servlet-name>


    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
    <param-name>config</param-name>
    <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <init-param>
    <param-name>debug</param-name>
    <param-value>3</param-value>
    </init-param>
    <init-param>
    <param-name>detail</param-name>
    <param-value>3</param-value>
    </init-param>
    <load-on-startup>0</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
    </servlet-mapping>
    </web-app>


    Thanks in advance...
    Peet
     
    Peet, Jun 28, 2006
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.