有关login-config.xml的配置问题

06-07-12 luo6327529
login-config.xml配置如下:

  <application-policy name="SecurityHouse">

<authentication>

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"

flag="required">

<module-option name="dsJndiName">java:/house</module-option>

<module-option name="principalsQuery">

SELECT password FROM User WHERE username = ?

</module-option>

<module-option name="rolesQuery">

SELECT RL.name, 'Roles' FROM role as RL, user as U , users_roles as RU WHERE U.Id = RU.userId and RU.roleId = RL.roleId and U.username = ?

</module-option>

</login-module>

</authentication>

</application-policy>

web.xml配置如下:

  <security-constraint>

<display-name>admin security</display-name>

<web-resource-collection>

<web-resource-name>Admin input</web-resource-name>

<url-pattern>/system/*</url-pattern>

</web-resource-collection>

<web-resource-collection>

<web-resource-name>forum admin</web-resource-name>

<url-pattern>/system/admin/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>Admin</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>NONE</transport-guarantee>

</user-data-constraint>

</security-constraint>

<security-constraint>

<display-name>User security</display-name>

<web-resource-collection>

<web-resource-name>User post</web-resource-name>

<url-pattern>/house/*</url-pattern>

</web-resource-collection>

<auth-constraint>

<role-name>user</role-name>

<role-name>Admin</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>NONE</transport-guarantee>

</user-data-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name>SecurityHouse</realm-name>

<form-login-config>

<form-login-page>/account/sign.do?check</form-login-page>

<form-error-page>/account/sign.do?index.jsp</form-error-page>

</form-login-config>

</login-config>

<security-role>

<description>administrator</description>

<role-name>Admin</role-name>

</security-role>

<security-role>

<description>register user</description>

<role-name>user</role-name>

</security-role>

Jboss-web.xml配置如下:

  <jboss-web>

<security-domain>java:/jaas/SecurityHouse</security-domain>

<context-root>pxtz</context-root>

</jboss-web>

登录后结果如下:

  http://luo:7001/pxtz/j_security_check?j_username=abcdef&j_password=644%3A97%3F7

  错误提示:

   type Status report

   message Invalid direct reference to form login page

   description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

不知在配置过程中哪里有问题,请各位大哥指教

luo6327529
2006-07-12 11:09

不知在配置过程中哪里有问题,请各位大哥指教

luo6327529724Ip2p01E.txt

banq
2006-07-12 14:29
>http://luo:7001/pxtz/j_security_check?j_username=abcdef&j_password=644%3A97%3F7

不能直接调用/j_security_check,而是调用一个受安全保护的URL,如果没有登录,通过/j_security_check登录后,容器会迅速转移到原先你访问的页面。

但是如果你直接访问,容器就无法知晓了。

luo6327529
2006-07-21 10:33
Banq大哥,你讲的我不是很懂。在jivejdon3实例中我也遇到一样的情况,

能不能麻烦你结合jivejdon3作个讲解。

猜你喜欢