tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Mac and Google Authentication Issue
Date Wed, 30 Mar 2011 15:18:16 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dick,

On 3/27/2011 6:57 PM, Dick Eastlake wrote:
> Konstantin Kolinko said:
>> and you are
>> certainly missing closing ">" from the <input> tag
>
> Yup, I mistakenly deleted it trying to clean up the email
>
> <td width="147">
>                               <input tabindex="1" type="text" name="j_username" value="
> <%
>                   out.print(dlb.getEmail() + "\"");
> %>
>                         </td>

It's still missing. :(

I would venture a guess that all that whitespace in the "value"
attribute is going to be problematic at some point, too.

I would also make sure to use an absolute URL for your <form> element
like this:

<form method="POST" action="<%=
response.encodeURL(request.getContextPath() + "/j_security_check")) %>">

It's obviously not causing a problem, now, but it will if you re-locate
the login page and, depending on other factors, if you re-locate your
webapp.

> Here's the access log the entries at 15;34 are using Firefox, the
> ones at 15:42 are Google's browser

NB: it's called "Google Chrome".

> 69.207.4.57 - - [27/Mar/2011:15:34:16 -0700] "GET /Dynacorn/catalog/dealerwelcome.jsp
HTTP/1.1" 200 1870
> 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] "POST /Dynacorn/catalog/authControl.jsp
HTTP/1.1" 302 -
> 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp
HTTP/1.1" 200 1893
> 69.207.4.57 - - [27/Mar/2011:15:34:30 -0700] "POST /Dynacorn/catalog/dealer/j_security_check
HTTP/1.1" 302 -
> 69.207.4.57 - sor@sor.com [27/Mar/2011:15:34:30 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp
HTTP/1.1" 500 2158

> 69.207.4.57 - - [27/Mar/2011:15:42:14 -0700] "GET /Dynacorn/catalog/dealerwelcome.jsp
HTTP/1.1" 200 1870
> 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] "POST /Dynacorn/catalog/authControl.jsp
HTTP/1.1" 302 -
> 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp
HTTP/1.1" 200 1893
> 69.207.4.57 - - [27/Mar/2011:15:42:23 -0700] "POST /Dynacorn/catalog/dealer/j_security_check
HTTP/1.1" 200 676

What were the 676 bytes returned to Google Chrome after j_security_check
was requested?

Servlet container-managed security requires a protected resource to be
requested in order to show the login page and then invoke
j_security_check. Is the protected resource
"/Dynacorn/catalog/authControl.jsp"? If so, it's possible that the POST
size is exceeding the maximum allowable cached POST size during login.

Any idea how many bytes are being POSTed there?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2TSbgACgkQ9CaO5/Lv0PAt0QCghyzZ7ZoXJFI2aa6VY2zwH2rV
/ioAoLTvrWuyVLIIkdFBeCgWUzlW1APP
=HCpU
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message