
Container(Form)-based authentication message on error-page

Former Member
0 Kudos

Hi all,

We want to use (form) container-based authentication for our web module. In the web.xml I can specify the login and error page.

    <form-login-config>
        <form-login-page>login.jsp</form-login-page>
        <form-error-page>error.jsp</form-error-page>
    </form-login-config>

Everything works fine, except I can't figure out how to show a detailed message in the error.jsp about the error which occurred. In other terms, I would like to inform the user why the logon was unsuccessful: maybe he is locked, or the user ID doesn't exist, or the password is wrong.

I had a look in the servlet 2.3 specification and it stated "The error page sent to a user that is not authenticated contains information about the failure."

Thanks for your help

Matthias Hlubek

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Hey Matthias,

"Basic" login configuration worked for me and now, I am trying to do a form based login. What did you specify as 'action' in your login.jsp ?

Also, when using any of the predefined authorization schemes (Basic, form, Digest, client-cert), finally the users have to be configured using Visual Administrator's Security Provider Service for that application component. So, does this mean that the users should exist in only the UME?

My question is, can we have a custom login module stack (my custom login module in it) and not use UME to store users? My app should provide a login page, take username/pwd, use the custom login module and authenticate by external mechanisms (trying to use older code for authentication) against an unrelated database.

Thanks,

Kiran

Former Member
0 Kudos

Hi,

Assuming the rest is defined properly (who might access and the appropriate realm in web.xml) and you have your error.jsp implemented as described above, I would include the following within web.xml as well:

    <!-- catching the errors: each error-page takes exactly one exception-type or error-code -->
    <error-page>
        <exception-type>javax.servlet.ServletException</exception-type>
        <location>/error.jsp</location>
    </error-page>
    <error-page>
        <exception-type>java.lang.Exception</exception-type>
        <location>/error.jsp</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/error.jsp?code=404</location>
    </error-page>

Hope this helps.

M.

Yashpal
Active Contributor
0 Kudos

Hi Matthias,

In the login page, create a RuntimeException object and pass the parameter you want to set, i.e. the error description:

    if (request.getParameter("name") == null) {
        throw new RuntimeException("Name not Specified");
    }

In the error page, print the error description with

<%=exception.getMessage()%>

Regards,

Yash

Message was edited by: Yashpal Gupta


Former Member
0 Kudos

Hi Yashpal,

If I got you right, the login page should throw an exception. But the login page just contains a form to submit j_username and j_password to the container. How can I create an exception then?

Does the web container throw the exception too?

And how do I retrieve it in the error page?

best regards,

Matthias Hlubek

Former Member
0 Kudos

Hi Matthias,

You can map an error page to an exception. Anyway, have a look at this page (http://help.sap.com/saphelp_nw04/helpdata/en/9a/e74d426332bd30e10000000a155106/frameset.htm), which presents various ways of configuring error pages for your web apps.

Hope that helps!

Former Member
0 Kudos

Hi Ivaylo,

Thanks for the link, but I think the root of the problem is that I can't get any feedback from the web container's authentication process.

best regards,

Matthias Hlubek

Former Member
0 Kudos

Hi Matthias,

In case the authentication fails, the web container should set the following standard attributes on the request object: javax.servlet.error.message, javax.servlet.error.status_code, etc. (see the page I linked you to in the previous message). Then, inside your error page, you can use request.getAttribute("javax.servlet.error.message") to retrieve the error message and display it to the user. There's an example of that under the link I provided.

So, to summarize: If the authentication fails, the page that you've set up in the web.xml is returned. Inside your error page, use the "error" attributes to obtain details about the error.

Does that explain things better now?

Regards,

Ivo

Former Member
0 Kudos

Hi Ivaylo,

Great, thanks for your explanation. First I just tried to get the error message with request.getAttribute("javax.servlet.error.message"), but I always got null. Therefore I thought I did something wrong. Now I use request.getAttribute("javax.servlet.error.status_code") and I get 500. But I guess this is another story.

thanks Ivaylo

best regards,

Matthias Hlubek
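
An error.jsp along the lines discussed above, as an added example that is not part of the original thread: it reads the javax.servlet.error.* request attributes null-safely (they can be unset, as the null result above shows), writes the full detail to the server log, and shows the user a single HTML-escaped line that does not say whether the user ID exists or is locked. The displayed wording, the log format and the reading of a missing status code as a failed logon are assumptions.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%!
    // Escape text before writing it into HTML; error attributes can echo request data.
    private static String esc(Object o) {
        if (o == null) return "";
        String s = o.toString();
        StringBuffer out = new StringBuffer(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<%
    // Standard servlet error attributes. Each can be null, e.g. when this page
    // is reached as <form-error-page> rather than through an <error-page> mapping.
    Object status  = request.getAttribute("javax.servlet.error.status_code");
    Object message = request.getAttribute("javax.servlet.error.message");
    Object uri     = request.getAttribute("javax.servlet.error.request_uri");
    Object cause   = request.getAttribute("javax.servlet.error.exception");

    // Full detail goes to the server log only; CR/LF stripped to keep one entry per line.
    String detail = "error.jsp: status=" + status + " uri=" + uri + " message=" + message;
    detail = detail.replace('\r', ' ').replace('\n', ' ');
    if (cause instanceof Throwable) {
        application.log(detail, (Throwable) cause);
    } else {
        application.log(detail);
    }

    // Text shown to the user: one generic line per case (wording is an assumption).
    String shown;
    if (status == null) {
        shown = "Logon failed. Check your user ID and password.";
    } else if ("404".equals(String.valueOf(status))) {
        shown = "The requested page was not found: " + uri;
    } else {
        shown = "The request could not be processed (status " + status + ").";
    }
%>
<html><body><p><%= esc(shown) %></p></body></html>
```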

Former Member
0 Kudos

Hi Ivo,

zdr.), I see from the posts you are experienced in the area that I am interested in as well. Do you mind exchanging emails so we can exchange better info? I've got an array of issues. I will be glad to reward points here but will also appreciate it if we could get in touch. Thanks much in advance for your reply! Boby, brpitsev@yahoo.com