on 05-04-2006 1:11 PM
Hello All,
I have a question on using the form-based login authentication scheme. I am using this (link: http://help.sap.com/saphelp_nw04/helpdata/en/fa/253d408ae01f24e10000000a1550b0/frameset.htm) but instead of BASIC, I am trying to use FORM. What I don't know is what to put in the JSP for <form action=????>. I just tried without having the action attribute on the form, and if I try to access any JSP in my web app, I am taken to login.html, which works as expected. But what do I put as the value for the "action" attribute in order to successfully log in?
Thanks,
Kiran
Hello Kiran,
Refer to the part of the Servlet specification on Form Based Authentication (11.5.3). There is a simple example in it as well.
Regards
Vyara
Hi all,
I have a login.jsp that points to home.jsp:

In login.jsp:

```jsp
<FORM action='<%= response.encodeURL("j_security_check") %>' name="FRM_LOG" method="post">.....
```

In home.jsp:

```jsp
<%@ page import="javax.servlet.http.HttpServletRequest,amis.util.*,amis.svc.user.*, amis.IDAMServer.*, java.io.*, amis.svc.cache.*" %>
<%! amis.svc.user.IAmisUser au;%>
<% au = amis.svc.user.AmisUser.getInstance(request,session);
%>
<html>
<head>
<%
String user = request.getUserPrincipal().getName();
session.setAttribute("idamUser",user);
if (request.isUserInRole( "xxxxx" )) { %>...
```
When I log on from login.jsp, the browser goes to http://milds2004:50100/HKN/jsp/j_security_check and shows this error:

```
404 Not Found
SAP J2EE Engine/7.00
The requested resource does not exist.
Details: Go to main page of this application!
```

What is wrong? I hope you can help. Thx
Vito
Bojidar,
I am using a custom login module and a login page with a form (taking user/pwd) whose action points to a servlet. This servlet does the following:

```java
try {
    LoginContext lc = new LoginContext("MyLoginStack");
    lc.login();
} catch (LoginException le) {
}
```
When I try to access a protected resource in my web application, I am correctly taken to the login page and once I get authenticated (by my login module), I can see the protected page, which works perfect.
But the problem comes when I try to go to the login page directly (not by accessing a protected resource and then getting the login page): I get an exception at lc.login(). By debugging, I found that the problem is that the CallbackHandler in my login module is null (obviously, as I am not passing any callback handler).
The question is "How do I create and pass a callbackhandler (HttpCallbackHandlerImpl) to new LoginContext ("MyLoginStack", ..http call back handler.. )?"
Any pointers appreciated.
Thanks,
Kiran
Hi Bojidar,
Thanks for the response. I tried that but HttpCallbackHandlerImpl doesn't have a (request, response) constructor. It has just one parameter of type 'HttpRequestClientInfo'.
Let me know if there's a different version of sp we are using. I am on sp13.
The reason I wanted to make it work is, I want to see if there's a way to protect a web application using custom login modules and with users not in UME. As I see when I create a security role I can only add users from UME in visual administrator to my security role. I don't see that's possible but trying to confirm.
Thanks,
Kiran
Hi Kiran,
I think there are some helpful documents describing the usage of login modules:
http://help.sap.com/saphelp_nw04/helpdata/en/8c/f03541c6afd92be10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/c2/68560636e84b4baed62fad3d97e28e/frameset.htm
Regards
Bojidar
Bojidar,
Thanks for the links but I have already looked at them before (Please refer to the link in the first post in this thread). The declarative security (concepts of security role in web.xml) is tied with UME. There is no way to add a userid/pwd to a security role without that user id belonging to the UME.
Thanks for your time,
Kiran
Hi Kiran, have you managed to use HttpCallbackHandlerImpl in your LoginContext?
Like Kiran, the HttpCallbackHandlerImpl in my library only contains a constructor that accepts HttpRequestClientInfo, which in turn requires HttpParameters and ApplicationContext, which in turn require ... it just goes on and on.
Can anyone tell me how else my servlet should pass the CallbackHandler from LoginContext?
I finally got it to work.
I created my own callback handler:

```java
package test;

import javax.security.auth.callback.*;
import com.sap.engine.lib.security.http.HttpGetterCallback;
import com.sap.engine.lib.security.http.HttpCallback;
import javax.servlet.http.HttpServletRequest;

class MyCallbackHandler implements CallbackHandler {
    private HttpServletRequest request;

    public MyCallbackHandler(HttpServletRequest req) {
        this.request = req;
    }

    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof HttpGetterCallback) {
                // Fill the callback with the "user_name" parameter of the current request
                HttpGetterCallback cb = (HttpGetterCallback) callbacks[i];
                cb.setType(HttpCallback.REQUEST_PARAMETER);
                cb.setName("user_name");
                cb.setValue(new String[]{(String) request.getParameter("user_name")});
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}
```
cheechoong
acceval pte ltd
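
The handler-passing pattern discussed in this thread, shown with the standard JAAS callbacks as an added example (not code from any poster or from SAP). It assumes a custom login module that asks for `NameCallback` and `PasswordCallback` rather than SAP's `HttpGetterCallback`; `FormLoginDemo`, `DemoLoginModule` and the demo account are constructed for illustration, and Java 8 or later is assumed.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class FormLoginDemo {
    // In a servlet, user/password would come from request.getParameter(...) of the POSTed form.
    static CallbackHandler formHandler(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
        };
    }
    // Constructed stand-in for a custom login module with one hard-coded demo account.
    public static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            // The failure described in the thread: LoginContext was built without a handler.
            if (handler == null) throw new LoginException("no CallbackHandler supplied");
            NameCallback name = new NameCallback("user");
            PasswordCallback pass = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { name, pass }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            boolean ok = "demo".equals(name.getName()) && Arrays.equals(pass.getPassword(), "demo-pass".toCharArray());
            pass.clearPassword(); // do not keep the password in the callback after the check
            if (!ok) throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Any LoginException means "not authenticated"; the failure is never swallowed silently.
    static boolean authenticate(String user, char[] password) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String stack) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) };
            }
        };
        try {
            new LoginContext("MyLoginStack", null, formHandler(user, password), cfg).login();
            return true;
        } catch (LoginException e) { return false; }
    }
    public static void main(String[] a) { System.out.println(authenticate("demo", "demo-pass".toCharArray())); }
}
```

The in-code `Configuration` only keeps the demo self-contained; on an application server the "MyLoginStack" entry would come from the server's own login stack configuration.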