tomcat-users mailing list archives

From Matthew Smith <li...@invisiblesun.net>
Subject Re: Tomcat Admin 'Invalid Direct Reference' error
Date Sun, 27 Apr 2003 21:12:47 GMT
Yeah, what really surprises me about this is that this is straight
'from-the-box'.  I haven't done anything but install (and re-install)
Tomcat and modify the tomcat-users.xml file.  Not only is it strange to
me that there's something wrong out of the box, but that I'm the only
one who seems to have experienced this strange misbehavior.  Or maybe
I'm just the only one who's even tried to use the admin app :-) oh well.

-matthew

On Sunday, April 27, 2003, at 01:41  PM, Craig Berry wrote:

> j_security_check is part of the servlet infrastructure implemented by  
> Tomcat, as defined in the servlet 2.3 spec.
>
> Unfortunately, the implementation of this is 'magic' in the sense that  
> there really aren't any simple hooks provided to insert your own code  
> into the process.  The only two options I've found are to delve deep  
> into the Tomcat security code and try to figure out what it's doing,  
> and replicate the parts you need, or to give up on JAAS web security  
> and do your own authentication and cookie management.  Neither is very  
> attractive, alas.
>
> 	-----Original Message-----
> 	From: cameron [mailto:cameron@ogmios.ca]
> 	Sent: Sun 4/27/2003 10:22 AM
> 	To: Tomcat Users List
> 	Cc:
> 	Subject: Re: Tomcat Admin 'Invalid Direct Reference' error
> 	
> 	
>
> 	Where is "j_security_check"? Is it part of Tomcat or is it an external
> 	piece? I was just wondering if I wanted j_security_check to do something
> 	funky, is it a class I can inherit from so that I can use my class
> 	instead, is it a servlet that I can replace with my own servlet? I have
> 	done a search, (find / -name "*j_security_check*"), without any results
> 	making me think that it is part of Tomcat. I am guessing it sets some
> 	sort of session variable to state that the current session is
> 	validated... where are the specs on this so that I can use my own
> 	servlet for validation?
> 	
> 	-Cam
> 	
> 	Craig Berry wrote:
> 	
> 	>Somewhere you are linking to (or loading) your login form page
> 	>directly, rather than linking to (or loading) a protected page from
> 	>the application and allowing the security system to redirect you to
> 	>the login page when needed.
> 	>
> 	>       -----Original Message-----
> 	>       From: Matthew Smith [mailto:matthew@invisiblesun.net]
> 	>       Sent: Sun 4/27/2003 7:16 AM
> 	>       To: tomcat-user@jakarta.apache.org
> 	>       Cc:
> 	>       Subject: Tomcat Admin 'Invalid Direct Reference' error
> 	>
> 	>
> 	>
> 	>       Hi folks.  I just installed Tomcat (4.1.24-LE-jdk14) on mac os x
> 	>       (10.2.5)
> 	>
> 	>       I modified my tomcat-users.xml (see end of email) file to enable the
> 	>       Tomcat Administration webapp by adding a user with role admin and I get
> 	>       the following error:
> 	>
> 	>       <snip>
> 	>       HTTP Status 400 - Invalid direct reference to form login page
> 	>       type Status report
> 	>       message Invalid direct reference to form login page
> 	>       description The request sent by the client was syntactically incorrect
> 	>       (Invalid direct reference to form login page).
> 	>       Apache Tomcat/4.1.24-LE-jdk14
> 	>       </snip>
> 	>
> 	>       This only happens with a valid user and password.  If the username
> 	>       and/or password is incorrect I get the standard invalid username
> 	>       password page.
> 	>
> 	>       Anybody have any idea why this is happening and how to fix it?
> 	>
> 	>       Thanks.
> 	>
> 	>       #tomcat-users.xml
> 	>       <?xml version='1.0' encoding='utf-8'?>
> 	>       <tomcat-users>
> 	>          <role rolename="tomcat"/>
> 	>          <role rolename="role1"/>
> 	>          <role rolename="admin"/>
> 	>          <user username="matthew" password="[realpsswdrmvd]" roles="admin"/>
> 	>          <user username="tomcat" password="tomcat" roles="tomcat"/>
> 	>          <user username="role1" password="tomcat" roles="role1"/>
> 	>          <user username="both" password="tomcat" roles="tomcat,role1"/>
> 	>       </tomcat-users>
> 	>
> 	>
> 	>       ---------------------------------------------------------------------
> 	>       To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> 	>       For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 	>
>
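
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a simplified Python model of container-managed FORM login, showing why opening the login page directly fails only when the credentials are valid. The paths, the session key, the sample password and all class and function names are assumptions made for the illustration.

```python
"""Simplified model of container-managed FORM login (servlet 2.3 style).
Illustrative only: names and paths are hypothetical, not Tomcat's own."""

LOGIN_PAGE = "/login.jsp"        # assumed <form-login-page>
ERROR_PAGE = "/error.jsp"        # assumed <form-error-page>
PROTECTED_PREFIX = "/admin/"     # assumed protected url-pattern
SAVED = "saved_request"          # session key holding the original URL


class FormAuthModel:
    def __init__(self, users):
        self.users = users       # username -> password (constructed sample)

    def handle(self, session, path, form=None):
        """Return (status, target) for one request in the given session."""
        if path.endswith("/j_security_check"):
            return self._check(session, form or {})
        if path.startswith(PROTECTED_PREFIX) and "principal" not in session:
            # Remember where the user was going, then show the login form.
            session[SAVED] = path
            return 200, LOGIN_PAGE
        # Anything else, including the login page requested by its own URL,
        # is served as-is and no original request is recorded.
        return 200, path

    def _check(self, session, form):
        user, pw = form.get("j_username"), form.get("j_password")
        if user not in self.users or self.users[user] != pw:
            # Bad credentials: error page, however the form was reached.
            return 200, ERROR_PAGE
        session["principal"] = user
        target = session.pop(SAVED, None)
        if target is None:
            # Authenticated, but there is no saved request to return to:
            # the login page was opened directly.
            return 400, "Invalid direct reference to form login page"
        return 302, target


def login_via(entry_path, user, pw):
    """Open entry_path in a fresh session, then submit the login form."""
    model = FormAuthModel({"matthew": "s3cret-constructed"})
    session = {}
    model.handle(session, entry_path)
    creds = {"j_username": user, "j_password": pw}
    return model.handle(session, "/admin/j_security_check", creds)
```
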

