I've started digging into implementing form based authentication to our Active Directory.
So far I have been able to get the formLoginModel to work. I can successfully log in using the default static/auth/login.jsp, and get a good client principal in the ABL.
I was then able to create a custom login screen, without much trouble. (Hint for those trying, authFilters.xml in 11.7.2/11.7.3 has the location of the logic page hard coded to '/static/auth/login.jsp'. Replace the value with '${http.formlogin.loginpage}' to be able to control the location with the oeablSecurity.properties 'http.formlogin.loginpage' variable.).
What I'm trying to understand now is how to handle login exceptions. For example, if I login with the wrong password, 'j_spring_security_check' returns an HTTP 401 with an exception page. I would have expect it to push me over to the value in 'http.formlogin.failureurl', rather than return an exception.
I can get around the return of the exception by making an AJAX request to 'j_spring_security_check', set the 'Accept' header to 'application/json' and get a JSON response. Is that how it's meant to be done?
Is there any walk-thru documentation for setting up form based authentication? I've read through the oeablSecurity.properties.README file and while there is an example of the 'http.formlogin' variable, there is no description of how they are meant to be used.
Thanks,
Brian
.
Hi Brian,
If you do not want to display your custom JSP pages and display something like your own HTML pages based on response code then I would do that by sending 'application/json' in my 'Accept' header. I like that approach as I can control and decide on the kind of page/alert boxes to display based on the return exception status code.
I think we have a documentation on configuring custom JSP pages for form Authentication, I will look into it and share it with you.
Thank you Irfan.
If you could point me to the documentation, it would be much appreciated.
Have a great day,
Brian