Vyara,

Thanks for pointing me in the right direction.

The answer is

<form method=”POST” action=”j_security_check”>
<input type=”text” name=”j_username”>
<input type=”password” name=”j_password”>
</form>

Thanks,

Kiran

Hi all,

I have a login.jsp that point to home.jsp:

In login.jsp:

<FORM action='<%= response.encodeURL("j_security_check") %>' name="FRM_LOG" method="post">.....

In home.jsp:;

<%@ page import="javax.servlet.http.HttpServletRequest,amis.util.,amis.svc.user., amis.IDAMServer., java.io., amis.svc.cache.*" %>

<%! amis.svc.user.IAmisUser au;%>

<% au = amis.svc.user.AmisUser.getInstance(request,session);

%>

<html>

<head>

<%

String user = request.getUserPrincipal().getName();

session.setAttribute("idamUser",user);

if (request.isUserInRole( "xxxxx" )) { %>...

When I logon the login.jsp, then the browser go to http://milds2004:50100/HKN/jsp/j_security_check and this error:

404 Not Found

SAP J2EE Engine/7.00

The requested resource does not exist.

Details: Go to main page of this application!

What is worng? I hope in you help. thx

Vito

Hello Vito,

What exactly do you mean by login.jsp points to home.jsp? Can you please give a code snippet?

What is the html source of the form that is generated when you request the login.jsp?

Regards

Vyara

Hi Vyara,

the user insert login and password using the form in login.jsp page. The he has to view the home.jsp page.

I call directly the login.jsp.

Thanks,

Vito

Now I changed the <FORM action='<%= response.encodeURL("j_security_check") %>' name="FRM_LOG" method="post">

with

<%

String home = "home.jsp";

%>

<FORM action='<%= home %>' name="FRM_LOG" method="post">

<tr class="contentTop">

Bojidar,

I am using a custom login module and a login page with a form (taking user/pwd) whose action points to a servlet. This servlet does the following

try {
			LoginContext lc = new LoginContext("MyLoginStack");
			lc.login();
				} catch (LoginException le) {
					}

When I try to access a protected resource in my web application, I am correctly taken to the login page and once I get authenticated (by my login module), I can see the protected page, which works perfect.

But, the problem comes when I try to go to the login page directly (not by accessing a protected resource and then getting the login page), I get an exception at lc.login().. I found the problem by debugging that the CallbackHandler in my login module is null (obviously, as I am not passing any callback handler).

The question is "How do I create and pass a callbackhandler (HttpCallbackHandlerImpl) to new LoginContext ("MyLoginStack", ..http call back handler.. )?"

Any pointers appreciated.

Thanks,

Kiran

Hi Bojidar,

Thanks for the response. I tried that but HttpCallbackHandlerImpl doesn't have a (request, response) constructor. It has just one parameter of type 'HttpRequestClientInfo'.

Let me know if there's a different version of sp we are using. I am on sp13.

The reason I wanted to make it work is, I want to see if there's a way to protect a web application using custom login modules and with users not in UME. As I see when I create a security role I can only add users from UME in visual administrator to my security role. I don't see that's possible but trying to confirm.

Thanks,

Kiran

Bojidar,

Thanks for the links but I have already looked at them before (Please refer to the link in the first post in this thread). The declarative security (concepts of security role in web.xml) is tied with UME. There is no way to add a userid/pwd to a security role without that user id belonging to the UME.

Thanks for your time,

Kiran

hi kiran have you managed to use HttpCallbackHandlerImpl in your LoginContext?

like kiran, the HttpCallbackHandlerImpl in my library only contains a constructor that accepts HttpRequestClientInfo which in turns requires HttpParameters, ApplicationContext which in turn require ... it just goes on and on.

can anyone tell me how else my servlet should pass the CallbackHandler from LoginContext?

Chee,

Sorry. I did not find a way. I have not researched on this more. But please do let us know if you find a way.

Thanks,

Kiran

i finally got it to work.

i created my own callbackhandler:

package test;

import javax.security.auth.callback.*;
import com.sap.engine.lib.security.http.HttpGetterCallback;
import com.sap.engine.lib.security.http.HttpCallback;
import javax.servlet.http.HttpServletRequest;

class MyCallbackHandler implements CallbackHandler {
	private HttpServletRequest request;

	public MyCallbackHandler(HttpServletRequest req) {
		this.request = req;
	}

	public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
		for (int i = 0; i < callbacks.length; i++) {
		    if (callbacks<i> instanceof HttpGetterCallback) {
				HttpGetterCallback cb = (HttpGetterCallback)callbacks<i>;
				cb.setType(HttpCallback.REQUEST_PARAMETER);
				cb.setName("user_name");
				cb.setValue(new String[]{(String)request.getParameter("user_name")});
	 	    } else {
		 		throw new UnsupportedCallbackException(callbacks<i>, "Unrecognized Callback");
	 	    }
		}
	}
}

cheechoong

acceval pte ltd

Hey Chee,

Thanks for sharing with us.

Regards,

Kiran