tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: j_security_check 404 not found
Date Tue, 01 May 2007 17:27:07 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe,

Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.

That's weird. Are you sure something else isn't going wrong? (Uhh... you
/do/ have the username and password right, right?)

> if i reload the login page it will
> give me access
> to the page i wanted.

Also kinda weird. Are you using cookies and/or URL rewriting? Don't
forget that the form submission to j_security_check needs to be run
through HttpServletResponse.encodeURL.

> if i fill in user/pass and hit login a 2nd time it
> shows:
> 
> HTTP Status 404 - /j_security_check

Yeah, Tomcat isn't set up to allow logins whenever the user wants. It's
strictly REQUEST -> CHALLENGE -> LOGIN -> RESPONSE. If you try to
re-login, Tomcat pretends that j_security_check isn't a valid request.
Kinda stupid IMHO but that's all the servlet spec requires, so that's
all that implemented.

This "feature" is one of the reasons that I switched to SecuriryFilter
(http://securiryfilter.sourceforge.net/). This package tolerates
unexpected logins and is quite extensible.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGN3hr9CaO5/Lv0PARAlTKAJ94gd4NNzmqppoOqY9bWkqSmOo1PgCgiFHA
ylp2B02mDtRR7L8fLJIAW98=
=ZS4v
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message