aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Doubt in custom form login page for authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Doubt in custom form login page for authentication" Watch "Doubt in custom form login page for authentication" New topic
Author

Doubt in custom form login page for authentication

kamalakannan kamal
Ranch Hand

Joined: May 19, 2008
Posts: 32
Hi All,

Question:
The following web page is defined as the custom form login page for authentication.
Assuming that you have attempted to access a protected resource and been redirected to
this web page, what is the result of filling in the user name and password fields and pressing
submit? (Choose one.)

<html>
<head><title>Login Form</title></head>
<body>
<form action="jsecuritycheck" method="POST">
<br />Name: <input type="text" name="jusername" />
<br />Password: <input type="password" name="jpassword" />
<br /><input type="submit" value="Log In" />
</form>
</body>
</html>

A. You will not be redirected to this page in the first place.
B. HTTP 401 or 403 error (forbidden /not authorized).
C. HTTP 404 error (page not found).
D. HTTP 500 error (server error).
E. The page is redisplayed.

Correct Answer specified in Book : E

Explanation :

The key to the question is noticing that the form HTML has
something close to the right values for the form action, user name, and password fields�but
not close enough. The proper attribute values have underscores: j_security_check, j_username, j_password. So the form submits to the server. Instead of (as you might expect) an HTTP 404 error (because the resource jsecuritycheck doesn�t exist), the server sees that no authorization data has been provided, so it simply redirects to the log-in page again.

But when I tried the same program I got HTTP 404 error. Please can anybody clarify this?

regards,
G. Kamal
Antonio Tercero
Ranch Hand

Joined: Jun 05, 2008
Posts: 110
Did you configure login-config in web.xml?


SCJP 5, SCWCD 5
kamalakannan kamal
Ranch Hand

Joined: May 19, 2008
Posts: 32
Yes, I did. When I tried to access the protected resource, it redirects to the custom login page and I gave correct username and password. Instead of getting the same login page as mentioned in the answer for this question, I got HTTP 404 error saying jsecuritycheck is not found.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Show us your security-constraint


[My Blog]
All roads lead to JavaRanch
kamalakannan kamal
Ranch Hand

Joined: May 19, 2008
Posts: 32
Here is my full web.xml content

<web-app>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>LoginServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/LoginServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login/LoginForm.html</form-login-page>
<form-error-page>/Error/ErrorForm.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>
</web-app>
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

I think that the mock was assuming that all resources would be protected (but nothing is written in the question). In your case, you receive a 404 because the form action is not accessing a protected resource.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Doubt in custom form login page for authentication