• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt in custom form login page for authentication

 
kamalakannan kamal
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Question:
The following web page is defined as the custom form login page for authentication.
Assuming that you have attempted to access a protected resource and been redirected to
this web page, what is the result of filling in the user name and password fields and pressing
submit? (Choose one.)

<html>
<head><title>Login Form</title></head>
<body>
<form action="jsecuritycheck" method="POST">
<br />Name: <input type="text" name="jusername" />
<br />Password: <input type="password" name="jpassword" />
<br /><input type="submit" value="Log In" />
</form>
</body>
</html>

A. You will not be redirected to this page in the first place.
B. HTTP 401 or 403 error (forbidden /not authorized).
C. HTTP 404 error (page not found).
D. HTTP 500 error (server error).
E. The page is redisplayed.

Correct Answer specified in Book : E

Explanation :

The key to the question is noticing that the form HTML has
something close to the right values for the form action, user name, and password fields�but
not close enough. The proper attribute values have underscores: j_security_check, j_username, j_password. So the form submits to the server. Instead of (as you might expect) an HTTP 404 error (because the resource jsecuritycheck doesn�t exist), the server sees that no authorization data has been provided, so it simply redirects to the log-in page again.

But when I tried the same program I got HTTP 404 error. Please can anybody clarify this?

regards,
G. Kamal
 
Antonio Tercero
Ranch Hand
Posts: 110
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you configure login-config in web.xml?
 
kamalakannan kamal
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, I did. When I tried to access the protected resource, it redirects to the custom login page and I gave correct username and password. Instead of getting the same login page as mentioned in the answer for this question, I got HTTP 404 error saying jsecuritycheck is not found.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Show us your security-constraint
 
kamalakannan kamal
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is my full web.xml content

<web-app>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>LoginServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/LoginServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login/LoginForm.html</form-login-page>
<form-error-page>/Error/ErrorForm.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>
</web-app>
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that the mock was assuming that all resources would be protected (but nothing is written in the question). In your case, you receive a 404 because the form action is not accessing a protected resource.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic