tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Server returned HTTP response code: 408 for URL: https...j_security_check
Date Wed, 24 Dec 2008 00:35:51 GMT
Hash: SHA1

To whom it may concern,

(Can you set your name in your email client? It's irritating to write to
an email address that doesn't indicate a name. You also don't include
your name in your posts.) wrote:
>          URL url = new URL("https://localhost:6143/mywebservice/action/j_security_check");
>          HttpURLConnection connection = (HttpURLConnection) url.openConnection();
>          connection.setRequestMethod("POST");

As Chuck pointed out (without saying it explicitly), Tomcat does not
allow drive-by logins. If you need this feature, you will have to either
hack Tomcat or use a separate tool.

Securityfilter ( is a replacement
for container-based authentication and authorization and allows you to
do drive-by logins if you wish (that is, POST directly to
j_security_check with a username and password).

In any case, you'll have to do JSESSIONID management yourself on the
client, either by reading the JSESSIONID cookie, or sniffing the
"jsessionid" request parameter returned in redirect URLs provided by the
server. I recommend the cookie option.

- -chris

Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message