aspose file tools
The moose likes Security and the fly likes j_security_check - Invalid username or password message Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "j_security_check - Invalid username or password message" Watch "j_security_check - Invalid username or password message" New topic
Author

j_security_check - Invalid username or password message

John Fairbairn
Ranch Hand

Joined: May 30, 2002
Posts: 55
posted
0
Quote
Hi,
I'm using j_security_check in my web application deployed on jboss3.0.4-tomcat4.1.12. On a successful login, the user is redirected to the protected resource. On an invalid login, I'd like a message displayed on the login.jsp. The login.jsp is both my login page and error page.
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/login.jsp</form-error-page>
</form-login-config>
</login-config>
Thanks,
John
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8876

I like...
Firefox Browser Java Spring
posted private message
0
Quote
Pass a query paramter to the failed page say failed=true as shown below

Check for failed=true in the jsp and display the error message.

Groovy
John Fairbairn
Ranch Hand

Joined: May 30, 2002
Posts: 55
posted
0
Quote
Perfect. Can't believe I didn't think of it. Thanks.
Abhijeet Deshmukh
Greenhorn

Joined: Aug 09, 2004
Posts: 6
posted private message
0
Quote
hi pradip,

i am still confused about form auth, using j_security_check after succefull login how web server know which is home page i mean which do we hv any thing where we can specify home page.

Thanks & Regards
Abhijeet
Prakas Subed
Greenhorn

Joined: Dec 09, 2004
Posts: 20
posted private message
0
Quote
To extend this question further...
I wonder if Tomcat/JBoss provide a way to pass actual reason/root cause behind the failure to the login JSP as a param. For our internal/ad hoc system this is desired.

Thanks,





Originally posted by abhijit deshmukh:
hi pradip,

i am still confused about form auth, using j_security_check after succefull login how web server know which is home page i mean which do we hv any thing where we can specify home page.

Thanks & Regards
Abhijeet
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35232
    
    7
posted
0
Quote
What other reasons might that be? The authentication simply checks that the username/password combination passed to the server exist. If it doesn't, the error page is shown. Are you thinking of conditions like "user database not accessible" ?

Android appsImageJ pluginsJava web charts
PrachiS Shah
Greenhorn

Joined: Sep 02, 2010
Posts: 10
posted private message
0
Quote
This is working okay. But when the user refreshes the page without filling any data then also the error page gets called and the error message is displayed...Please help
PrachiS Shah
Greenhorn

Joined: Sep 02, 2010
Posts: 10
posted private message
0
Quote
Pradeep bhatt wrote:Pass a query paramter to the failed page say failed=true as shown below

Check for failed=true in the jsp and display the error message.


This is working okay. But when the user refreshes the page without filling any data then also the error page gets called and the error message is displayed...Please help
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: j_security_check - Invalid username or password message
 
Similar Threads
Form based authentication in java server faces.
Dobut in Realm Authentication
DD entries for authentication
login-config question
Invalid direct reference to form login page