aspose file tools*
The moose likes Tomcat and the fly likes Form based authentication fails with j_security_check in the URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Form based authentication fails with j_security_check in the URL" Watch "Form based authentication fails with j_security_check in the URL" New topic
Author

Form based authentication fails with j_security_check in the URL

nahusha narasimha
Greenhorn

Joined: Feb 22, 2013
Posts: 6
Hi All,

I am facing an issue with form based authentication.
When I access the secured URL, I am thrown the login.html which is configured in web.xml. The login.html's form method and action is POST and j_security_check
After I enter the valid userid and password, the browser redirects to this URL : http://localhost:8080/myapp/j_security_check
Furthermore it displays the error.html that is specified in the web.xml.

BASIC is working just fine. Not sure what I'm doing wrong with FORM based.

Can someone please help.

Thanks,
Nash
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

Can you show us the basics of your login form? We don't need any fancy decorations or anything, but seeing what your fundamental page elements are would be very helpful.

Also we need to see the parts of your web.xml that define form-based authentication.


Customer surveys are for companies who didn't pay proper attention to begin with.
nahusha narasimha
Greenhorn

Joined: Feb 22, 2013
Posts: 6
This is what my login form looks like




And this is my web.xml

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

So far, so good, I think. What does your Realm configuration in Tomcat look like?
nahusha narasimha
Greenhorn

Joined: Feb 22, 2013
Posts: 6
Realm configuration in server.xml is as follows :

and the path to UserDatabase is conf/tomcat-users.xml
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

Can you verify that:

1. The Realm isn't commented out (like it is in the original server.xml that ships with Tomcat)?

2. You have a role name of "manager" defined in the tomcat-users.xml file?

3. The file tomcat-users.xml can be read by the Tomcat user?

4. There aren't any strange messages in the logs (catalina.out or localhost-xxxxxx)?
nahusha narasimha
Greenhorn

Joined: Feb 22, 2013
Posts: 6
1. The Realm isn't commented out.
2.
3. Tomcat-users.xml can be read by the tomcat user. BASIC authn works fine.
4. There are no weird logs in the two files. Of course the logging level is the default one specified in logging.properties. I could change this and give it a try.

One more thing, I have to mention. I am trying to run this example in eclipse. I am using the tomcat defined as a server in eclipse.
Will try by creating a war of this project and deploying on a standalone tomcat.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

There are at least 2 ways to run Tomcat in Eclipse.

The most common is to use WTP, which is bundled as part of the J2EE edition of Eclipse. WTP is an abomination. It clones parts of your Tomcat configuration and it does so imperfectly. This is quite likely to be what your problem is.

I use the independent sysdeo Tomcat plugin myself. It uses the actual Tomcat configuration and causes less wear and tear on my sanity.
nahusha narasimha
Greenhorn

Joined: Feb 22, 2013
Posts: 6
After deploying it as a WAR on tomcat, the authn succeeds Guess the WTP tomcat was the culprit.
Thanks Tim for your time and help. Will try sysdeo from now on
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Form based authentication fails with j_security_check in the URL