• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

j_security_check 404 error

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am new to this forum although I have been lurking around for while

I have a question about j_security_check.

I am working in Apache Tomcat server and I want to set up form based authentication. So I used j_security_check and I get an error 404 j_security_check page not found.

I am not sure how this is supposed to work.
1. Am I supposed to load the secured pages before I login and j_security_check should send me to the login.jsp page?
Or should I start with teh login.jsp page and if my login is incorrect, then I cannot load any page? (until I login correctly)

I always get 404 j_sedurity_check not found when I try to click submit button in login.jsp page and when I try to open other pages (even without login) I am able to open.

Can you please help me?

Should I register j_security_check in web.xml, if yes, please tell me how and give me a sample, please........


Here's my code:

web.xml

<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/logi</form-login-config>
</login-config>

I am in the list of user in tocat-users.xml

My login.jsp
<form action="Servlet.j_security_check" method="POST">

<center>
<table cellpadding=4 cellspacing=2 border=0>

<th bgcolor="#CCCCFF" colspan=2>
<font size=5>Business Owner Login</font>
<br>
<font size=1><sup>*</sup> Required Fields</font>
</th>

<tr bgcolor="Aqua">
<td valign=top>
<b>User ID<sup>*</sup></b>
<br>
<td valign=top>
<input type="text" name="j_username"></td>
<td valign=top>
<b>Password<sup>*</sup></b>
<br>
<td valign=top>
<input type="password" name="j_password" value="" size=15 maxlength=20></td>
<td valign=top>
</tr>

<tr bgcolor="#c8d8f8">
<td align=center colspan=2>
<input type="submit" value="Log In">
</td>
</tr>

</TABLE>

</BODY>
</HTML>
 
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
In your web.xml, did you make sure that the <webapp> is declared as using the Servlet 2.4 spec?

-Yuriy
 
Aparna Iyer
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

No, I don't know how to code that in web.xml? Can you kindly help me, please.

TIA
 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

<form action="Servlet.j_security_check" method="POST">



I think it should be

<form action="j_security_check" method="POST">

thanks
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Also, you must define <security-role> element to work the authentication correctly, though you have defined user in tomcat-users.xml

Thanks
 
Ranch Hand
Posts: 334
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
In the following snippet, <realm-name/> is not required for Form authentication. It is required only for Basic authentication



The main disadvantage of Form based authentication is , It should be used only when a session is maintained using cookies or HTTPS.

so try to maintain a session and then try this authentication method. I hope it will help you
bye for now
sat
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, I don't know how to code that in web.xml? Can you kindly help me, please.

First, I think Narendra is right, the action should just be "j_security_check".

The following is how I start my web.xml files, but that may only be necessary if you use EL or other Servlet 2.4/JSP 2.0 features.



-Yuriy
[ August 04, 2005: Message edited by: Yuriy Zilbergleyt ]
 
Aparna Iyer
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I have an update on this.

I was able to get this to work (one step, I think) by changing *.jsp in web.xml to \*.

Now if I load a page, it takes me to login.jsp and if I login, I get the following problem:


When I load any page, it takes to login.jsp and I enter the user id and password and if it is correct, it takes me to some image (this is one of the images in the images folder that I have). I have no clue why it goes to that always, when login is successful. It doesn't go to the originally requested page.

What do I have tyo set up to make that happen (meaning if I start with one_two.jsp, it takes me to login.jsp and after I login, I want one_two.jsp to come automatically? How to do that?)

Thanks in advance.
reply
    Bookmark Topic Watch Topic
  • New Topic