tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Everman <ever...@precedadesign.com>
Subject Re: j_security_check is not found
Date Fri, 28 Jun 2002 16:52:51 GMT
I can't think of any other way for a server to handle this - the user will 
just have to live with the error page or navigate around it.

When a user attempts to access a protected resource, they are forwarded to 
the login page which posts to j_security_check.  If the login is 
successful, j_security_check redirects the user to the originally request 
resource.  If there is no 'originally request resource' because the user is 
attempting to access j_s_c directly, there is no place for j_s_c to 
redirect to - I'm guessing this is why it sends back the 404 error response.

Most browsers warn the user if they need to re-post information in order to 
'go back' since post means that you are *changing* something on the server 
as a result of your action - in this case logging in, in other cases 
placing a second purchase order for 1000 shares of your favorite stock.

In short, tell this person not to ignore the 're-post' warning.  Some 
things aren't as good the second time ;-)

Eric Everman

At 10:51 AM 6/28/2002, you wrote:
>Hi,
>
>I am using FORM-BASED authentication.  When a user accesses the secured area
>the first time, the login form is loaded and authentication works fine.
>However, if he/she happens to click on the "Back" button, go to the Login
>form and logs in again (the second time for this session), she gets 404
>error and the page that can not be found is login/j_security_check.
>
>Can anyone tell me what I should do or where to look?  In the
>localhost_access_log, this is the log for the first authentication:
>
>127.0.0.1 - - [28/Jun/2002:10:48:28 -0600] "POST /security/j_security_check
>HTTP/1.1" 302 647
>
>this is log for the second attempt:
>
>127.0.0.1 - csdsfwt [28/Jun/2002:10:48:41 -0600] "POST
>/security/j_security_check HTTP/1.1" 200 2336
>
>As you can see, the second attempt showed the user's name used to
>authenticate the first login.
>
>What do you think this means?
>
>Thanks very much.
>
>Bao-Ha Dam Bui
>bbui@sjm.com
>S. Jude Medical, Inc
>651.765.1018
>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message