brianlafertewk
Guest
I've started digging into implementing form based authentication to our Active Directory. So far I have been able to get the formLoginModel to work. I can successfully log in using the default static/auth/login.jsp, and get a good client principal in the ABL. I was then able to create a custom login screen, without much trouble. (Hint for those trying, authFilters.xml in 11.7.2/11.7.3 has the location of the login page hard coded to '/static/auth/login.jsp'. Replace the value with '${http.formlogin.loginpage}' to be able to control the location with the oeablSecurity.properties 'http.formlogin.loginpage' variable.)

What I'm trying to understand now is how to handle login exceptions. For example, if I log in with the wrong password, 'j_spring_security_check' returns an HTTP 401 with an exception page. I would have expected it to push me over to the value in 'http.formlogin.failureurl', rather than return an exception. I can get around the return of the exception by making an AJAX request to 'j_spring_security_check', set the 'Accept' header to 'application/json' and get a JSON response. Is that how it's meant to be done?

Is there any walk-thru documentation for setting up form based authentication? I've read through the oeablSecurity.properties.README file and while there is an example of the 'http.formlogin' variable, there is no description of how they are meant to be used.

Thanks,
Brian
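The AJAX workaround described in the post above, sketched as an added example (not part of the original post and not the product's own code). It assumes the usual Spring Security field names `j_username` and `j_password`; the function names are hypothetical, and because the page does not document the JSON body's shape, it is parsed but never shown to the user.

```javascript
// Build the POST for j_spring_security_check. URLSearchParams does the
// form-encoding, so special characters in a password cannot break the body.
function buildLoginRequest(username, password) {
  const body = new URLSearchParams({ j_username: username, j_password: password });
  return {
    method: "POST",
    credentials: "same-origin", // keep the session cookie on this origin only
    headers: {
      "Accept": "application/json", // ask for JSON instead of the exception page
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: body.toString(),
  };
}

// Map status + body to a small outcome object. The server's detail is kept for
// logging only; the UI should show one generic message for every "rejected".
function classifyLoginResponse(status, contentType, bodyText) {
  const isJson = /^application\/json\b/i.test(contentType || "");
  let detail = null;
  if (isJson) {
    try {
      detail = JSON.parse(bodyText);
    } catch (_) {
      detail = null; // malformed JSON: treat as no detail
    }
  }
  if (status >= 200 && status < 300) return { outcome: "ok", detail };
  if (status === 401) return { outcome: "rejected", detail };
  return { outcome: "error", detail };
}

// Thin wrapper; fetchImpl can be swapped for a stub when testing.
async function login(url, username, password, fetchImpl = fetch) {
  const res = await fetchImpl(url, buildLoginRequest(username, password));
  const text = await res.text();
  return classifyLoginResponse(res.status, res.headers.get("content-type"), text);
}
```

An HTML body on a 401 (the exception page from the post) yields `detail: null`, so stack traces or server version strings never reach the login form.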