tomcat-users mailing list archives

From "Craig Berry" <Craig.Be...@portblue.com>
Subject RE: Tomcat Admin 'Invalid Direct Reference' error
Date Sun, 27 Apr 2003 19:25:28 GMT
Probably.  However, I've had great success doing a logout by calling session.invalidate(),
even though that's not guaranteed to work by the standard.

	-----Original Message----- 
	From: cameron [mailto:cameron@ogmios.ca] 
	Sent: Sun 4/27/2003 11:52 AM 
	To: Tomcat Users List 
	Cc: 
	Subject: Re: Tomcat Admin 'Invalid Direct Reference' error
	
	

	Is "logOut.do" more magic as well?
	
	-Cam
	
	Craig Berry wrote:
	
	>j_security_check is part of the servlet infrastructure implemented by Tomcat, as defined in the servlet 2.3 spec.
	>
	>Unfortunately, the implementation of this is 'magic' in the sense that there really aren't any simple hooks provided to insert your own code into the process.  The only two options I've found are to delve deep into the Tomcat security code and try to figure out what it's doing, and replicate the parts you need, or to give up on JAAS web security and do your own authentication and cookie management.  Neither is very attractive, alas.
	>
	>       -----Original Message-----
	>       From: cameron [mailto:cameron@ogmios.ca]
	>       Sent: Sun 4/27/2003 10:22 AM
	>       To: Tomcat Users List
	>       Cc:
	>       Subject: Re: Tomcat Admin 'Invalid Direct Reference' error
	>      
	>      
	>
	>       Where is "j_security_check"? Is it part of Tomcat or is it an external
	>       piece? I was just wondering if I wanted j_security_check to do something
	>       funky, is it a class I can inherit from so that I can use my class
	>       instead, is it a servlet that I can replace with my own servlet? I have
	>       done a search, (find / -name "*j_security_check*"), without any results
	>       making me think that it is part of Tomcat. I am guessing it sets some
	>       sort of session variable to state that  the current session is
	>       validated... where are the specs on this so that I can use my own
	>       servlet for validation?
	>      
	>       -Cam
	>      
	>       Craig Berry wrote:
	>      
	>       >Somewhere you are linking to (or loading) your login form page directly, rather than linking to (or loading) a protected page from the application and allowing the security system to redirect you to the login page when needed.
	>       >
	>       >       -----Original Message-----
	>       >       From: Matthew Smith [mailto:matthew@invisiblesun.net]
	>       >       Sent: Sun 4/27/2003 7:16 AM
	>       >       To: tomcat-user@jakarta.apache.org
	>       >       Cc:
	>       >       Subject: Tomcat Admin 'Invalid Direct Reference' error
	>       >     
	>       >     
	>       >
	>       >       Hi folks.  I just installed Tomcat (4.1.24-LE-jdk14) on mac os x
	>       >       (10.2.5)
	>       >     
	>       >       I modified my tomcat-users.xml (See end of email) file to enable the
	>       >       Tomcat Administration webapp by adding a user with role admin and I get
	>       >       the following error:
	>       >     
	>       >       <snip>
	>       >       HTTP Status 400 - Invalid direct reference to form login page
	>       >       type Status report
	>       >       message Invalid direct reference to form login page
	>       >       description The request sent by the client was syntactically incorrect
	>       >       (Invalid direct reference to form login page).
	>       >       Apache Tomcat/4.1.24-LE-jdk14
	>       >       </snip>
	>       >     
	>       >       This only happens with a valid user and password.  If the username
	>       >       and/or password is incorrect I get the standard invalid username
	>       >       password page.
	>       >     
	>       >       Anybody have any idea why this is happening and how to fix it?
	>       >     
	>       >       Thanks.
	>       >     
	>       >       #tomcat-users.xml
	>       >       <?xml version='1.0' encoding='utf-8'?>
	>       >       <tomcat-users>
	>       >          <role rolename="tomcat"/>
	>       >          <role rolename="role1"/>
	>       >          <role rolename="admin"/>
	>       >          <user username="matthew" password="[realpsswdrmvd]" roles="admin"/>
	>       >          <user username="tomcat" password="tomcat" roles="tomcat"/>
	>       >          <user username="role1" password="tomcat" roles="role1"/>
	>       >          <user username="both" password="tomcat" roles="tomcat,role1"/>
	>       >       </tomcat-users>
	>       >     
	>       >     
	>       >       ---------------------------------------------------------------------
	>       >       To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
	>       >       For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
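
The logout approach mentioned at the top of this message, combined with the earlier advice to link to a protected page rather than to the login form, as an added example that is not code from the thread or from Tomcat's admin webapp. The class name `LogoutServlet` and the protected path `/index.jsp` are assumptions; the servlet is assumed to be mapped in web.xml of an application that uses FORM login.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical logout servlet for an application protected by FORM login.
 * Only doPost is implemented, so a GET (for example from an image tag on
 * another site) gets HttpServlet's default error response and cannot log
 * the user out.
 */
public class LogoutServlet extends HttpServlet {

    // Assumption: a resource covered by a <security-constraint> in web.xml.
    private static final String PROTECTED_HOME = "/index.jsp";

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Drops the session and everything bound to it, which is the
            // logout technique described in the message above.
            session.invalidate();
        }

        // Redirect to a protected resource, never to the login page itself.
        // The container then intercepts the request and presents the login
        // form, so the next j_security_check submission has a saved request
        // to return to and does not fail with
        // "Invalid direct reference to form login page".
        response.sendRedirect(request.getContextPath() + PROTECTED_HOME);
    }
}
```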
	
	
