
Problem in j_security_check



A quick overview of how authentication works might be helpful here. Here's the sequence of events:

1) User requests a secured resource
2) The server internally redirects the user to login.jsp (note: the client NEVER directly requests login.jsp)
3) The user enters his/her credentials and submits
4) The system authenticates the user and returns the originally requested resource.


So what you really want to do is link to /seraf/index.jsp (or whatever...) and let Tomcat handle making sure the user is entitled to it or not.

--David

Prashant Saraf wrote:

I created a link which connects to login.jsp; then also it does not work :(

On 2/3/06, David Delbecq <delbd (at) oma.be> wrote:


This means you tried to access the login form directly. This is not allowed in the J2EE specifications.
Access to the login form should only be triggered by the server on demand. You can't force a login.
To access the login page, simply put a link to saraf/index.html (simple example).

Prashant Saraf wrote:



I have a problem in Tomcat & JSP.
When I use j_security_check it gives me the following error:

The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)

Why is this so?
My web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <description>
    My first jsp example
  </description>
  <display-name>Work on Jsp</display-name>

  <security-constraint>
    <display-name>TestApp Security Constraint</display-name>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <!-- (url-pattern must precede http-method in the 2.4 schema) -->
      <url-pattern>/saraf/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Default login configuration uses form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Form-Based Authentication</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Security roles referenced by this web application -->
</web-app>


--
Cup of Java + Sugar of XML = Secure WebApp





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org
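
The four-step sequence described at the top of this thread, as an added example that is not part of the original messages and is not Tomcat's code: a simplified Python model of the container's FORM login handling, showing why submitting the form after opening login.jsp directly ends in the quoted error while a link to the protected resource works. The class, function names and the sample account are hypothetical/constructed; the paths come from the web.xml above.

```python
# Simplified model of container-managed FORM login (not Tomcat's code).
# Class/function names are hypothetical; the account below is constructed.
PROTECTED_PREFIX = "/saraf/"   # <url-pattern>/saraf/*</url-pattern>
LOGIN_PAGE = "/login.jsp"      # <form-login-page>
USERS = {"alice": "s3cret"}    # constructed sample realm
CREDS = {"j_username": "alice", "j_password": "s3cret"}


class Container:
    def __init__(self):
        self.sessions = {}     # session id -> {"user", "saved"}

    def handle(self, sid, method, path, form=None):
        """Process one request; return (status, body or redirect target)."""
        s = self.sessions.setdefault(sid, {"user": None, "saved": None})
        if method == "POST" and path.endswith("/j_security_check"):
            return self._check(s, form or {})
        if path.startswith(PROTECTED_PREFIX) and s["user"] is None:
            # Steps 1-2: remember the original request, then show the
            # login form internally (the client never asks for it).
            s["saved"] = path
            return 200, "login form"
        if path == LOGIN_PAGE:
            return 200, "login form"   # direct hit: nothing was saved
        return 200, "resource " + path

    def _check(self, s, form):
        user = form.get("j_username")
        if user not in USERS or USERS[user] != form.get("j_password"):
            return 200, "error page"   # <form-error-page>
        if s["saved"] is None:
            # Valid credentials, but no original request to return to:
            # the error quoted in the thread.
            return 400, "Invalid direct reference to form login page"
        s["user"], target, s["saved"] = user, s["saved"], None
        return 302, target             # step 4: back to the resource


def login_via(first_path, sid):
    """GET first_path, then submit the login form in the same session."""
    c = Container()
    c.handle(sid, "GET", first_path)
    return c, c.handle(sid, "POST", "/j_security_check", CREDS)
```

Calling login_via("/saraf/index.jsp", "A") ends in a redirect to the saved resource, while login_via("/login.jsp", "B") ends in the 400 response even though the credentials are valid.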





