
How does the "j_security_check" work?

Mike Brown

Joined: Feb 16, 2001
Posts: 2
On page 78 of the Java Servlet Spec (v.2.3), it discusses the necessity of using "j_security_check" as the action attribute for a login form. I have seen this used in code here at work, but when I try and use it myself for an application I'm developing, I get a 404 page not found error (because there is no page named "j_security_check").
Can anyone explain to me how this login mechanism is supposed to work? I've been doing web development for 3 years, but I'm really in the dark on this topic.
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
I am also looking for information on j_security_check.
What I understood is that it allows protecting JSP resources.
The web.xml file indicates the JSPs (login.jsp and error.jsp) and the security constraints...
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<!-- If you list http methods, only those methods are protected -->
<!-- Anyone with one of the listed roles may access this area -->
<!-- Form-based login is enabled by default. If you wish to
     try Basic authentication, comment out the <login-config>
     section below and uncomment the one above.
-->
<realm-name>Example Form-Based Authentication</realm-name>
<form-login-config>
<form-login-page>/jsp/security/login/login.jsp</form-login-page>
<form-error-page>/jsp/security/login/error.jsp</form-error-page>

For Tomcat 3.2 there is a file tomcat-users.xml in the conf directory that indicates the user/password pairs.

My form login.jsp.


After submit, the request arrives on the Server (http://Server:8080/jsp/security/login/j_security_check). It gets the fields j_username and j_password and checks if the username/password pair is OK (see If OK, it sends back towards the client the new location.
Server side:
1-incoming: Http://Server:8080/jsp/security/login/j_security_check
HTTP/1.0 302 Found
2-outgoing: it sends back towards the client the new location.
Location: http://Server:8080/jsp/security/protected/index.jsp
Pierre-François Lemosquet

[This message has been edited by Pierre-François Lemosquet (edited August 17, 2001).]
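
Added example, not part of any post in this thread: a minimal Servlet 2.3 web.xml in which the container itself answers j_security_check, so no page of that name has to exist. The login and error page paths, realm name and resource name come from the post above; the url-pattern (taken from the redirect target quoted there) and the role name tomcat are assumptions.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Assumed pattern, based on the redirect target quoted in the thread -->
      <url-pattern>/jsp/security/protected/*</url-pattern>
      <!-- No http-method elements listed, so every HTTP method is protected -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name; it must match a role in the container's user store -->
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- j_security_check is handled by the container only when FORM login is
       declared here; without it the URL is just another unmapped path -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication</realm-name>
    <form-login-config>
      <form-login-page>/jsp/security/login/login.jsp</form-login-page>
      <form-error-page>/jsp/security/login/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>tomcat</role-name>
  </security-role>

  <!-- login.jsp needs only a form using the three names fixed by the spec:
         <form method="POST" action="j_security_check">
           <input type="text" name="j_username">
           <input type="password" name="j_password">
           <input type="submit" value="Log in">
         </form>
       The user requests a protected URL first; the container presents
       login.jsp, validates the POST itself, then sends the browser on to
       the URL that was originally requested. -->
</web-app>
```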
Garrett Smith
Ranch Hand

Joined: Jun 27, 2002
Posts: 401
Your response was parsed. Please post it again inside a pre tag and escape < with &lt;

comp.lang.javascript FAQ: