By Date: <-- -->
By Thread: <-- -->

Problem in j_security_check

Can you post your login.jsp and let us know if this webapp is ROOT or not?

--David

Prashant Saraf wrote:

i did same
now it gives following error
The requested resource (/saraf/protected/j_security_check) is not available.
Do i need edit server.xml or any other file.

On 2/3/06, David Smith <dns4 (at) cornell.edu> wrote:


A quick overview of how authentication works might be helpful here.
Here's the sequence of events:

1) User requests a secured resource
2) The server internally redirects the user to login.jsp (note: the
client NEVER directly requests login.jsp)
3) The user enters his/her credentials and submits
4) The system authenticates the user and returns the originally
requested resource.

So what you really want to do is link to /seraf/index.jsp (or
whatever...) and let tomcat handle making sure the user is entitled to
it or not.

--David

Prashant Saraf wrote:



i created a link which connect to login.jsp then also it not works:(

On 2/3/06, David Delbecq <delbd (at) oma.be> wrote:




This mean you tried to access login form directly. This is not allowed
in j2ee specifications.
Access to login form should only be triggered by server on demand. You
can't force a login.
To access login page, simply put a link to saraf/index.html (simple
example)
Prashant Saraf a écrit :





i have a problem in Tomcat & jsp
when i use j_security_check it gives me following error.
The request sent by the client was syntactically incorrect (Invalid




direct




reference to form login page
why this so
my web.xml....

<?xml version=3D" 1.0" encoding=3D"ISO-8859-1"?>


<web-app xmlns=3D"http://java.sun.com/xml/ns/j2ee "
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance "
xsi:schemaLocation=3D"http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
"
version=3D" 2.4">

<description>
 My first jsp example
</description>
<display-name>Work on Jsp</display-name>

<security-constraint>
    <display-name>TestApp Security Constraint</display-name>
    <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->

         <!-- If you list http methods, only those methods are




protecte=




d
-->
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <url-pattern>/saraf/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area
-->
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Form-Based Authentication</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
</web-app>


--
Cup of Java + Suger of XML = Secure WebApp







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org






--
Cup of Java + Suger of XML = Secure WebApp





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org






--
Cup of Java + Suger of XML = Secure WebApp





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe (at) tomcat.apache.org
For additional commands, e-mail: users-help (at) tomcat.apache.org