File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "j_security_check" Watch "j_security_check" New topic
Author

j_security_check

Jherald Lacambra
Ranch Hand

Joined: Feb 02, 2005
Posts: 129
im using tomcat 5.5.15, set up the realm in server.xml, set up security config on WEB-INF/web.xml (using form based login).. but it seems tomcat does not look for the users in my database(postgre).. it always go to error.jsp even if i entered the correct username and password to login. i cannot view other pages. any help would be appreciated

thanks
jhe


jherald
Yogendra Joshi
Ranch Hand

Joined: Apr 04, 2006
Posts: 213
Hi Jherald ,

Below is an extract from the book which i refer to.. It explains why the situation like which you encounterd happens and what needs to be done to solve it.

Here's it..


Tomcat 5 incorrectly handles the combination of FORM-based authentication and
HTTP POST requests for protected resources, and the example application reveals this flaw. Tomcat
authenticates the user as expected but calls the doGet() method on the resource instead of
doPost(). This means the page you see will be the same as that for the unsecured access. In order to
see the correct page, switch the <auth-method> to BASIC and restart Tomcat. Use a new browser
window to access http://localhost:8080/chapter09-declarative/posttest.html. After
submiting the form, and authenticated with bob and bbb as the user ID and password, you
should see the correct page.

Hope this helps you.. Let me know if it works..

Yogendra Joshi.


Meri Zindagi Hain Tab Tak.. Jab Tak Tera Sahara.... Har Taraf Tu Hi Tu Hain SAI Tera Hi Hain Nazara.....
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: j_security_check