tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: HTTP Status 408!
Date Thu, 10 Jun 2010 13:26:20 GMT
On 10/06/2010 14:19, neo21 zerro wrote:
> 
> Yes every time I want to login!
> 
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>User Application</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> </auth-constraint>
> </security-constraint>
> 
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>user</realm-name>
> <form-login-config>
> <form-login-page>/forms/login.html</form-login-page>
> <form-error-page>/forms/error.html</form-error-page>

I usually place them in:

 WEB-INF/login/form.jsp
 WEB-INF/login/error.jsp

so they can't be requested directly.

Use a JSP so you can properly encode the j_security_check URL.

 <%= response.encodeURL('j_security_check') %>



p

> </form-login-config>
> </login-config> 
> <security-role>
>    <description>User Role for authentication</description>
>    <role-name>user</role-name>
> </security-role>
> 
> 
> 
> ------------------------------------------------------------------------
> *From:* Pid <pid@pidster.com>
> *To:* Tomcat Users List <users@tomcat.apache.org>
> *Sent:* Thu, June 10, 2010 3:43:18 PM
> *Subject:* Re: HTTP Status 408!
> 
> On 10/06/2010 12:06, neo21 zerro wrote:
>> Hello ,
>>
>>
>> Good news I found a way to get rid of the error with this code in my JASS:
>> session = req.getSession(true);
>>
>>
>> But now I get another strage error :
>>
>> HTTP Status 400 - Invalid direct reference to form login page
>> ________________________________
>>
>> type Status report
>> message Invalid direct reference to form login page
>> description The request sent by the client was syntactically incorrect
> (Invalid
>> direct reference to form login page).
> 
> Does this occur every time you try to log in?
> 
> Please post the login config from web.xml.
> 
> 
> p
> 
> 
> 
> 
>> ________________________________
>>
>>
>> The response header looks like this:
>>
>>  Response Headersview source
>> Server Apache-Coyote/1.1
>> Content-Type text/html;charset=utf-8
>> Content-Length 1100
>> Date Thu, 10 Jun 2010 10:51:56
>> GMT
>> Connection close
>> Request Headersview source
>> Host localhost:8080
>> User-Agent Mozilla/5.0 (Windows; U;
>> Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
>> Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language en-us,en;q=0.5
>> Accept-Encoding gzip,deflate
>> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive 115
>> Connection keep-alive
>> Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617
>> 
>>
>>
>>
>>
>>
>>
>> ________________________________
>> From: Pid <pid@pidster.com <mailto:pid@pidster.com>>
>> To: Tomcat Users List <users@tomcat.apache.org
> <mailto:users@tomcat.apache.org>>
>> Sent: Thu, June 10, 2010 12:13:34 PM
>> Subject: Re: HTTP Status 408!
>>
>> On 09/06/2010 21:52, neo21 zerro wrote:
>>> Hello,
>>>
>>> I'm using Tomcat 6.0.26 with java 1.5 JDK.
>>>
>>>
>>>        I've developed a JAAS login module for my application and when
> I try to login in my app a strange error occur's:
>>>  HTTP Status 408:The time allowed for the login process has been
> exceeded. If you wish to continue you must either click back twice and
> re-click the link you
>>> requested or close and re-open your browser.
>>>      I've made a little research about the problem and everyone said
> that it goes away if you enable the cookies(made that and the error
> still occurs). Another thing is that the actual JAAS login module
> authenticate the user but when it should display the protected resource
> the error occurs.
>>>
>>> So if anyone has some ideas please share!
>>
>> What have you configured the session time to be?
>>
>>
>> p
>>
>>
>>     
> 
> 
> 



Mime
View raw message