Problem in j_security_check
- From: David Delbecq <delbd (at) oma.be>
- Date: Fri, 03 Feb 2006 14:32:39 +0100
Once again, login form can only be accessed on demand by server. This
mean access to you login.jsp will only occur as a result of a jsp
forward internal to server at the first time you enter a secure area.
You can't either access j_security_check either login.jsp directly. The
required data in server would not be setup and you'll only trigger an
exception.
Prashant Saraf a écrit :
>i created a link which connect to login.jsp then also it not works:(
>
>On 2/3/06, David Delbecq <delbd (at) oma.be> wrote:
>
>
>>This mean you tried to access login form directly. This is not allowed
>>in j2ee specifications.
>>Access to login form should only be triggered by server on demand. You
>>can't force a login.
>>To access login page, simply put a link to saraf/index.html (simple
>>example)
>>Prashant Saraf a écrit :
>>
>>
>>
>>>i have a problem in Tomcat & jsp
>>>when i use j_security_check it gives me following error.
>>>The request sent by the client was syntactically incorrect (Invalid
>>>
>>>
>>direct
>>
>>
>>>reference to form login page
>>>why this so
>>>my web.xml....
>>>
>>><?xml version=3D" 1.0" encoding=3D"ISO-8859-1"?>
>>>
>>>
>>><web-app xmlns=3D"http://java.sun.com/xml/ns/j2ee "
>>> xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance "
>>> xsi:schemaLocation=3D"http://java.sun.com/xml/ns/j2ee
>>>http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
>>>"
>>> version=3D" 2.4">
>>>
>>> <description>
>>> My first jsp example
>>> </description>
>>> <display-name>Work on Jsp</display-name>
>>>
>>> <security-constraint>
>>> <display-name>TestApp Security Constraint</display-name>
>>> <web-resource-collection>
>>> <web-resource-name>Protected Area</web-resource-name>
>>> <!-- Define the context-relative URL(s) to be protected -->
>>>
>>> <!-- If you list http methods, only those methods are
>>>
>>>
>>protecte=
>>
>>
>>>d
>>>-->
>>> <http-method>DELETE</http-method>
>>> <http-method>GET</http-method>
>>> <http-method>POST</http-method>
>>> <http-method>PUT</http-method>
>>> <url-pattern>/saraf/*</url-pattern>
>>> </web-resource-collection>
>>> <auth-constraint>
>>> <!-- Anyone with one of the listed roles may access this area
>>>-->
>>> <role-name>*</role-name>
>>> </auth-constraint>
>>> </security-constraint>
>>>
>>> <!-- Default login configuration uses form-based authentication -->
>>> <login-config>
>>> <auth-method>FORM</auth-method>
>>> <realm-name>Form-Based Authentication</realm-name>
>>> <form-login-config>
>>> <form-login-page>/login.jsp</form-login-page>
>>> <form-error-page>/error.jsp</form-error-page>
>>> </form-login-config>
>>> </login-config>
>>> <!-- Security roles referenced by this web application -->
>>></web-app>
>>>
>>>
>>>--
>>>Cup of Java + Suger of XML = Secure WebApp
>>>
>>>
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
>>For additional commands, e-mail: users-help (at) tomcat.apache.org
>>
>>
>>
>>
>
>
>--
>Cup of Java + Suger of XML = Secure WebApp
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org