tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: j_security_check 404 not found
Date Tue, 01 May 2007 17:27:07 GMT
Hash: SHA1


Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.

That's weird. Are you sure something else isn't going wrong? (Uhh... you
/do/ have the username and password right, right?)

> if i reload the login page it will
> give me access
> to the page i wanted.

Also kinda weird. Are you using cookies and/or URL rewriting? Don't
forget that the form submission to j_security_check needs to be run
through HttpServletResponse.encodeURL.

> if i fill in user/pass and hit login a 2nd time it
> shows:
> HTTP Status 404 - /j_security_check

Yeah, Tomcat isn't set up to allow logins whenever the user wants. It's
strictly REQUEST -> CHALLENGE -> LOGIN -> RESPONSE. If you try to
re-login, Tomcat pretends that j_security_check isn't a valid request.
Kinda stupid IMHO but that's all the servlet spec requires, so that's
all that implemented.

This "feature" is one of the reasons that I switched to SecuriryFilter
( This package tolerates
unexpected logins and is quite extensible.

Hope that helps,
- -chris
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message