Problem in j_security_check
- From: Prashant Saraf <xprotection (at) gmail.com>
- Date: Fri, 3 Feb 2006 19:21:05 +0530
i did same
now it gives following error
The requested resource (/saraf/protected/j_security_check) is not available.
Do i need edit server.xml or any other file.
On 2/3/06, David Smith <dns4 (at) cornell.edu> wrote:
>
> A quick overview of how authentication works might be helpful here.
> Here's the sequence of events:
>
> 1) User requests a secured resource
> 2) The server internally redirects the user to login.jsp (note: the
> client NEVER directly requests login.jsp)
> 3) The user enters his/her credentials and submits
> 4) The system authenticates the user and returns the originally
> requested resource.
>
> So what you really want to do is link to /seraf/index.jsp (or
> whatever...) and let tomcat handle making sure the user is entitled to
> it or not.
>
> --David
>
> Prashant Saraf wrote:
>
> >i created a link which connect to login.jsp then also it not works:(
> >
> >On 2/3/06, David Delbecq <delbd (at) oma.be> wrote:
> >
> >
> >>This mean you tried to access login form directly. This is not allowed
> >>in j2ee specifications.
> >>Access to login form should only be triggered by server on demand. You
> >>can't force a login.
> >>To access login page, simply put a link to saraf/index.html (simple
> >>example)
> >>Prashant Saraf a écrit :
> >>
> >>
> >>
> >>>i have a problem in Tomcat & jsp
> >>>when i use j_security_check it gives me following error.
> >>>The request sent by the client was syntactically incorrect (Invalid
> >>>
> >>>
> >>direct
> >>
> >>
> >>>reference to form login page
> >>>why this so
> >>>my web.xml....
> >>>
> >>><?xml version=3D" 1.0" encoding=3D"ISO-8859-1"?>
> >>>
> >>>
> >>><web-app xmlns=3D"http://java.sun.com/xml/ns/j2ee "
> >>> xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance "
> >>> xsi:schemaLocation=3D"http://java.sun.com/xml/ns/j2ee
> >>>http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
> >>>"
> >>> version=3D" 2.4">
> >>>
> >>> <description>
> >>> My first jsp example
> >>> </description>
> >>> <display-name>Work on Jsp</display-name>
> >>>
> >>> <security-constraint>
> >>> <display-name>TestApp Security Constraint</display-name>
> >>> <web-resource-collection>
> >>> <web-resource-name>Protected Area</web-resource-name>
> >>> <!-- Define the context-relative URL(s) to be protected -->
> >>>
> >>> <!-- If you list http methods, only those methods are
> >>>
> >>>
> >>protecte=
> >>
> >>
> >>>d
> >>>-->
> >>> <http-method>DELETE</http-method>
> >>> <http-method>GET</http-method>
> >>> <http-method>POST</http-method>
> >>> <http-method>PUT</http-method>
> >>> <url-pattern>/saraf/*</url-pattern>
> >>> </web-resource-collection>
> >>> <auth-constraint>
> >>> <!-- Anyone with one of the listed roles may access this area
> >>>-->
> >>> <role-name>*</role-name>
> >>> </auth-constraint>
> >>> </security-constraint>
> >>>
> >>> <!-- Default login configuration uses form-based authentication -->
> >>> <login-config>
> >>> <auth-method>FORM</auth-method>
> >>> <realm-name>Form-Based Authentication</realm-name>
> >>> <form-login-config>
> >>> <form-login-page>/login.jsp</form-login-page>
> >>> <form-error-page>/error.jsp</form-error-page>
> >>> </form-login-config>
> >>> </login-config>
> >>> <!-- Security roles referenced by this web application -->
> >>></web-app>
> >>>
> >>>
> >>>--
> >>>Cup of Java + Suger of XML = Secure WebApp
> >>>
> >>>
> >>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
> >>For additional commands, e-mail: users-help (at) tomcat.apache.org
> >>
> >>
> >>
> >>
> >
> >
> >--
> >Cup of Java + Suger of XML = Secure WebApp
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
> For additional commands, e-mail: users-help (at) tomcat.apache.org
>
>
--
Cup of Java + Suger of XML = Secure WebApp