Tuesday, 17 September 2013

Redirect to a different page after LDAP Authentication

Redirect to a different page after LDAP Authentication

I am using Tomcat, JSP and LDAP Active Directory.
Right now I directly access the login.jsp page and pass in the credentials
to the LDAP Server. ( I should not do this I beleive)
The LDAP configurations for this is under tomcat/conf/server.xml
If I pass on the credentials in the login.jsp page it displays "HTTP
Status 400 - Invalid direct reference to form login page"
I believe the authentication by LDAP is working since if I supply wrong
credentials then I am directed to the error.jsp page.
I would like to know how I can redirect from the login page to someother
page after successful LDAP authentication.
I have done redirects through Servlets, but LDAP authentication looks
different and I dont have lots of experience working with web
applications. Please guide me through the changes I need to make in
web.xml file and I dont show different views/pages for different users,
everyone has same privileges. I also don't use Spring in my application.
My Login Page
<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>
</body>
</html>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
version="2.5">
<display-name>TomAuth</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)