I'm dipping my toe into the murky waters of Java and I'm working through the PackPub JavaEE 6 With Netbeans7 book . One of the early examples is forms authentication which involves setting up deployment descriptor (web.xml) with a security role 'admin' and a constraint. It then walks you through getting the Glassfish descriptor by assigning these roles to new groups and then using the Glassfish console to create new users in these groups.
When I try and access a page inside this protected page I'm presented with the login page as expected, but my login does not work. Even though I know I am putting in valid credentials created in the glassfish console, I still get my login error page (rendered on the j_security_check URL).
The login page is as basic as it comes:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Log in to view secure content</title>
</head>
<body>
<h1>Log in</h1>
<form action="j_security_check" method="POST">
<table border="0">
<tbody>
<tr>
<td slign="right">Username: </td>
<td><input type="text" name="j_username" value="" /></td>
</tr>
<tr>
<td slign="right">Password: </td>
<td><input type="password" name="j_password" value="" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login" /></td>
</tr>
</tbody>
</table>
</form>
</body>
</html>
I've not configured something, and its probably something really basic, but the book doesn't help with issues such as this so wondered if I could get some pointers on where to start debugging or diagnosing this problem.
My web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>Admin Pages</display-name>
<web-resource-collection>
<web-resource-name>Administrative pages</web-resource-name>
<description/>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Administrators</description>
<role-name>Admin</role-name>
</security-role>
<security-role>
<description>public user</description>
<role-name>User</role-name>
</security-role>
</web-app>
glassfish-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
<security-role-mapping>
<role-name>Admin</role-name>
<group-name>Admin</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</glassfish-web-app>
I've double checked that in the Glassfish console, I'm editing
Configuartions|Security|Realms|file
and that my new user has a Group list of 'Admin'
Thanks
are you using a custom login page?
if you configured all the stuff also take a look on your login page you should have something like
try with