tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From exkor <exkor5...@gmail.com>
Subject URL is "null" and HTTP 404 error when using FROM authentication
Date Fri, 13 Jun 2008 04:47:00 GMT 
Hi

I have this wierd problem i am trying to sovle for a week now, and i
already have gray hair from this mess.
My setup is Apache 2.0, Tomcat 6.0, MySQL 5.0.

I am requesting a protected page in my application:
http://127.0.0.1/myapp/home.jsp

and it takes me to the login page:
http://127.0.0.1/myapp/index.jsp

I type in my username + password and hit login, and brought back to
the login page.
I tried filtering the problem by using BASIC authentication + using
tomcat-users.xml which worked out fine.
FORM + tomcat-users.xml did not work out.

I am totally lost and begining to think that this is some kind of a
bug in j_security_check.
I saw somebody had a very very similar problem but I did not catche
the solution:
http://mail-archives.apache.org/mod_mbox/tomcat-users/200705.mbox/%3c4638F8C3.4070203@christopherschultz.net%3e

In addition I enabled "combined" logging and this is what I see:
127.0.0.1 - - [13/Jun/2008:00:32:45 -0400] "GET /hamula/home.jsp
HTTP/1.1" 200 2250 "null" "Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.04506.30; InfoPath.1)"
127.0.0.1 - - [13/Jun/2008:00:32:45 -0400] "GET
/hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
"http://127.0.0.1:8080/hamula/home.jsp" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.04506.30; InfoPath.1)"
127.0.0.1 - - [13/Jun/2008:00:32:49 -0400] "POST
/hamula/j_security_check HTTP/1.1" 200 2250
"http://127.0.0.1:8080/hamula/home.jsp" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.04506.30; InfoPath.1)"
127.0.0.1 - - [13/Jun/2008:00:32:49 -0400] "GET
/hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051
"http://127.0.0.1:8080/hamula/j_security_check" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET
CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1)"


you can see that in the first entry i get "null" and then 404.
Why is it doing this??

My web.xml is:
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web
Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
   <display-name>Hamula</display-name>
   <distributable/>
   <servlet>
       <servlet-name></servlet-name>
       <display-name></display-name>
       <servlet-class></servlet-class>
       <load-on-startup>0</load-on-startup>
   </servlet>

   <welcome-file-list>
   <welcome-file>
                 home.jsp
       </welcome-file>
   </welcome-file-list>


   <resource-ref>
       <description>DB Connection</description>
       <res-ref-name>jdbc/hamula</res-ref-name>
       <res-type>javax.sql.DataSource</res-type>
       <res-auth>Container</res-auth>
   </resource-ref>

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Hamula</web-resource-name>
           <description>Pages accessible by registered users</description>

           <!-- PAGES ACCESIBLE ONLY BY REGISTERED USERS SHOULD BE
ADDED HERE -->
           <url-pattern>/home.jsp</url-pattern>
           <url-pattern>/events.jsp</url-pattern>
           <url-pattern>/profile.jsp</url-pattern>
           <url-pattern>/community.jsp</url-pattern>
           <!--
           THIS IS AN EXAMPLE OF A PATTERN TO MATCH MANY PAGES
           <url-pattern>/protected/*.jsp</url-pattern>
      -->
           <!--
============================================================= -->


           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
           <role-name>admin</role-name>
           <role-name>manager</role-name>
       </auth-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/index.jsp</form-login-page>
           <form-error-page>/index.jsp</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>
           The role that is required to access registered user functions and
           pages
       </description>
       <role-name>admin</role-name>
   </security-role>
</web-app>



My context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/hamula" reloadable="true" crossContext="true" debug="99">

   <Logger className="org.apache.catalina.logger.FileLogger"
            prefix="localhost_hamula_log." suffix=".txt"
            timestamp="true"/>

   <Resource name="jdbc/hamula"
             auth="Container"
             type="javax.sql.DataSource"
             driverClassName="com.mysql.jdbc.Driver"
             url="jdbc:mysql://localhost:3306/hamula?autoReconnect=true"/>
             username="root"
             password="skywalker"
         digest="MD5"
             logAbandoned="true"
             removeAbandoned="true"
             removeAbandonedTimeout="10"
             maxActive="20"
             maxIdle="10"
             maxWait="-1"/>


   <Realm className="org.apache.catalina.realm.JDBCRealm"
          driverName="com.mysql.jdbc.Driver"
          connectionURL="jdbc:mysql://localhost:3306/hamula"
          connectionName="root"
          connectionPassword="skywalker"
      digest="MD5"
          userTable="users" userNameCol="uid"
          userCredCol="password"
          userRoleTable="users" roleNameCol="role"/>
</Context>

Thank you!
-Assaf

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Mime
View raw message