Orbeon Forms community mailing list

authentication samples

classic Classic list List threaded Threaded
4 messages Options
hodack
Reply | Threaded
Open this post in threaded view
|

authentication samples

hodack
Hi,

In the authentication samples, if login is not successful, password and
username are transmitted in clear in the URL, is it possible to change
this behavior ?

Thanks.



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
hodack
Reply | Threaded
Open this post in threaded view
|

Re: authentication samples

hodack
To be more precise, here is what appears on the URL bar :
ops/j_security_check?j_username=username&j_password=psswd
if authentication is not successful.


Kim-Vân Ho-Dac a écrit :
> Hi,
>
> In the authentication samples, if login is not successful, password
> and username are transmitted in clear in the URL, is it possible to
> change this behavior ?
>
> Thanks.
>




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: authentication samples

Alessandro Vernet
Administrator
On 8/24/07, Kim-Vân Ho-Dac <[hidden email]> wrote:
> To be more precise, here is what appears on the URL bar :
> ops/j_security_check?j_username=username&j_password=psswd
> if authentication is not successful.

Yes, it is just a matter of adding method="post" on the form used to
get the login/password in login.xhtml. And you are right, we should do
that. So I modified to example to add method="post".

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Vlad
Reply | Threaded
Open this post in threaded view
|

Re: authentication samples

Vlad
Hello,

I'm having a Java authentication - related problem . After clicking login in the form (login.xhtml) I get the following error (the URL I see in the address bar is localhost:8080/orbeon/j_security_check) :


Orbeon Forms - Page Not Found

We are sorry, but the resource you have requested is not available on this server.


Maybe that's not the correct URL for j_security_check ?

I get this error in any application , as well as java-authentication example application.

This is my <login-config> element in web.xml :

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/java-authentication/login</form-login-page>
            <form-error-page>/java-authentication/login-error</form-error-page>
        </form-login-config>
    </login-config>

The pop-up authentication works fine , only the one from the interface "throws" that error.

Just to mention it , I didn't change the content of login.xhtml , it's the default one ; it uses POST and the form action attr is "/j_security_check" :

<form action="/j_security_check" method="post">


Thank you !
Free forum by Nabble Edit this page