tomcat-users mailing list archives

From Muhammad Bilal <muhammad.bi...@cim.com.au>
Subject Tomcat: j_security_check: Form Authentication
Date Thu, 10 Jul 2003 09:00:10 GMT
Hi,

I am using Form Authentication with Tomcat 4.1.18. Everything seems to be
working: when I try to access a protected resource directly, it takes me to
login.jsp, and if I enter the correct user/password it logs me in and takes me
to the protected resource. But if I go to login.jsp first and enter my
user/password, it takes me to something like
http://203.32.143.146:8080/test/j_security_check;jsessionid=303C0E68008E1E54F0E2CBAF43553B27
and displays
HTTP Status 400 - Invalid direct reference to form login page
--------------------------------------------------------------------------------
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect 
(Invalid direct reference to form login page).
--------------------------------------------------------------------------------
Apache Tomcat/4.1.18

j_security_check is the servlet which uses JDBCRealm. I need to know a bit
of detail about how it works, and how it is possible to go to login.jsp
first and then be taken to the page we want after success, the way the admin
section of Tomcat works at http://localhost:8080/admin. Btw, I also noticed
that if we give a blank user/password on the admin page and click submit, it
leads to a similar kind of error.

I have the following configurations:
In server.xml
         <!-- Tomcat test Context -->
         <Context path="/test" docBase="test" debug="0" reloadable="true"
                  crossContext="true">
           <Logger className="org.apache.catalina.logger.FileLogger"
                   prefix="localhost_test_log." suffix=".txt" timestamp="true"/>
           <Environment name="maxExemptions" type="java.lang.Integer"
                        value="15"/>
           <Parameter name="context.param.name" value="context.param.value"
                      override="false"/>

           <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
                  driverName="weblogic.jdbc.mssqlserver4.Driver"
                  connectionURL="jdbc:weblogic:mssqlserver4:tomcatusers@URL"
                  connectionName="dev" connectionPassword="web"
                  userTable="users" userNameCol="user_name"
                  userCredCol="user_pass"
                  userRoleTable="user_roles" roleNameCol="role_name" />
         </Context>
In web.xml under /test/WEB-INF

<web-app>
     <display-name>Test by Bilal</display-name>
     <description>It is a test context for authentication.</description>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>OnJava Application</web-resource-name>
			<url-pattern>/protected/*</url-pattern>
			<http-method>DELETE</http-method>
			<http-method>GET</http-method>
			<http-method>POST</http-method>
			<http-method>PUT</http-method>
		</web-resource-collection>
		<auth-constraint>
			<role-name>onjavauser</role-name>
		</auth-constraint>
		<user-data-constraint>
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>Example Form-Based Authentication Area</realm-name>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config>
</web-app>

In log:

2003-07-10 18:27:52 WebappLoader[/test]: Reloading checks are enabled for this Context
2003-07-10 18:27:53 ContextConfig[/test]: WARNING: Security role name onjavauser used in an <auth-constraint> without being defined in a <security-role>
2003-07-10 18:27:54 ContextConfig[/test]: Configured an authenticator for method FORM
2003-07-10 18:27:54 StandardManager[/test]: Seeding random number generator class java.security.SecureRandom
2003-07-10 18:27:54 StandardManager[/test]: Seeding of random number generator has been completed
2003-07-10 18:27:54 StandardWrapper[/test:default]: Loading container servlet default
2003-07-10 18:27:54 StandardWrapper[/test:invoker]: Loading container servlet invoker
2003-07-10 18:29:42 JDBCRealm[/test]: Username bob successfully authenticated

Any quick response would be really great.

Thanks,

Bilal


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
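
The two flows described in the message above, as an added example that is not part of the original post and is not Tomcat's source code: a simplified model of container-managed FORM login, in which the container stores the originally requested protected URL in the session and j_security_check has nowhere to send the browser when that saved request is missing. The session keys, the user table, the `/protected/index.jsp` path and the `handle` method are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of container-managed FORM login (illustrative, not Tomcat code).
public class FormLoginModel {
    static final String SAVED = "savedRequest";                        // hypothetical session key
    static final Map<String, String> USERS = Map.of("bob", "secret");  // constructed realm data

    // Handles one request against a per-browser session and returns the outcome.
    static String handle(Map<String, String> session, String uri, String user, String pass) {
        if (uri.equals("/j_security_check")) {
            boolean ok = user != null && pass != null && pass.equals(USERS.get(user));
            if (!ok) {
                return "FORWARD /error.jsp";                  // form-error-page
            }
            session.put("principal", user);                   // model: realm accepted the login
            String target = session.remove(SAVED);
            if (target == null) {
                // The form was opened directly, so no original request was saved.
                return "400 Invalid direct reference to form login page";
            }
            return "REDIRECT " + target;                      // back to the original request
        }
        if (uri.startsWith("/protected/") && !session.containsKey("principal")) {
            session.put(SAVED, uri);                          // remember where the user was going
            return "FORWARD /login.jsp";                      // form-login-page
        }
        return "SERVE " + uri;                                // unprotected, or already logged in
    }

    public static void main(String[] args) {
        // Flow 1: protected resource first, then the login form is submitted.
        Map<String, String> viaProtected = new HashMap<>();
        System.out.println(handle(viaProtected, "/protected/index.jsp", null, null));
        System.out.println(handle(viaProtected, "/j_security_check", "bob", "secret"));

        // Flow 2: login.jsp opened directly, then the same form is submitted.
        Map<String, String> direct = new HashMap<>();
        System.out.println(handle(direct, "/login.jsp", null, null));
        System.out.println(handle(direct, "/j_security_check", "bob", "secret"));
    }
}
```

In the second flow the credentials are accepted before the 400 is returned, which matches the log line reporting that bob was successfully authenticated.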

