I'm working with a developer here who just inherited an existing site. It is a Weblogic 8.1 website with j_security_check authentication behind an apache reverse proxy. We're getting some issues with the logins, and are not sure about j_security_check config. It seems very black boxy and magicky. How do we get information on how it's configured, specifically how to change the target page after successful login.
Thank you.
weblogic will automaticly redirect to the requested page. In the web.xml is defined with resources are protected by the form-login (as it is called). So just request the first page and you will be presented with the login. After an successfull login you will be redirected to the original requested page.
You'll see something similar to this in your web.xml (the "myRoleName" will be replaced by the sercurity role as defined in your Webloggic Server Console under Security > Realms > myreal > Groups). If you have multiple roles, this will differ slightly.
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/flows/*</url-pattern>
<url-pattern>Controller.jpf</url-pattern>
<http-method>GET</http-method>
<http-method>Post</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>myRoleName</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>fail_login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
Only role for the Application
</description>
<role-name>myRoleName</role-name>
</security-role>
Is it possible to do a POST with j_username and j_password from a different domain to a weblogic install to login ?