tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From B...@sjm.com
Subject RE: j_security_check is not found
Date Fri, 28 Jun 2002 19:20:33 GMT
127.0.0.1 - csdsfwt [28/Jun/2002:10:48:41 -0600] "POST
/security/j_security_check HTTP/1.1" 200 2336

do you know what is the number "2336" at the end of the log string means or
signifies?

Is that the thread ID to forward to?

Bao-Ha Dam Bui
bbui@sjm.com
S. Jude Medical, Inc
651.765.1018


-----Original Message-----
From: Eric Everman [mailto:everman@precedadesign.com] 
Sent: Friday, June 28, 2002 11:53 AM
To: Tomcat Users List
Subject: Re: j_security_check is not found

I can't think of any other way for a server to handle this - the user will 
just have to live with the error page or navigate around it.

When a user attempts to access a protected resource, they are forwarded to 
the login page which posts to j_security_check.  If the login is 
successful, j_security_check redirects the user to the originally request 
resource.  If there is no 'originally request resource' because the user is 
attempting to access j_s_c directly, there is no place for j_s_c to 
redirect to - I'm guessing this is why it sends back the 404 error response.

Most browsers warn the user if they need to re-post information in order to 
'go back' since post means that you are *changing* something on the server 
as a result of your action - in this case logging in, in other cases 
placing a second purchase order for 1000 shares of your favorite stock.

In short, tell this person not to ignore the 're-post' warning.  Some 
things aren't as good the second time ;-)

Eric Everman

At 10:51 AM 6/28/2002, you wrote:
>Hi,
>
>I am using FORM-BASED authentication.  When a user accesses the secured
area
>the first time, the login form is loaded and authentication works fine.
>However, if he/she happens to click on the "Back" button, go to the Login
>form and logs in again (the second time for this session), she gets 404
>error and the page that can not be found is login/j_security_check.
>
>Can anyone tell me what I should do or where to look?  In the
>localhost_access_log, this is the log for the first authentication:
>
>127.0.0.1 - - [28/Jun/2002:10:48:28 -0600] "POST /security/j_security_check
>HTTP/1.1" 302 647
>
>this is log for the second attempt:
>
>127.0.0.1 - csdsfwt [28/Jun/2002:10:48:41 -0600] "POST
>/security/j_security_check HTTP/1.1" 200 2336
>
>As you can see, the second attempt showed the user's name used to
>authenticate the first login.
>
>What do you think this means?
>
>Thanks very much.
>
>Bao-Ha Dam Bui
>bbui@sjm.com
>S. Jude Medical, Inc
>651.765.1018
>


--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message