aspose file tools*
The moose likes Tomcat and the fly likes tomcat <form-error-page> Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "tomcat <form-error-page>" Watch "tomcat <form-error-page>" New topic
Author

tomcat <form-error-page>

Adhipadhi Rajan
Greenhorn

Joined: Jul 21, 2013
Posts: 7
I get some error while logging in and I get redirected to the error page as per the following configuration.



But I have no means to get what the error is. How to get the exact error because of which I get redirected?


Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

Welcome to the JavaRanch, Adhipadhi!

The error is "Login failed".

This page is only displayed if the user's login credentials entered on the form-login-page were rejected by the security Realm.

In the event that the login succeeded, the page originally requested before the login was triggered will be displayed. If the security Realm has a bug in it that throws an exception, the Realm module should have been coded to intercept that exception, log the details to the Tomcat log (catalina.out), and pass back "false" for authentication status. If it does not, expect Tomcat to intercept the exception and display a "500" error page.

Or, as they say in the consumer electronics field "No User-servicable parts inside".


Customer surveys are for companies who didn't pay proper attention to begin with.
Adhipadhi Rajan
Greenhorn

Joined: Jul 21, 2013
Posts: 7
Hi Tim,

Thanks for your response.

I could not get my login module (my class which extends javax.security.auth.spi.LoginModule) executed.

I have hardcoded my user credentials (for testing). No changes of going wrong.

This happened when I changed my webapp as the default webapp using <Context path="" debug="6" docBase="myapp" /> in server.xml. When I remove this line from server.xml, everything works fine.

Any clue why?

Thanks again.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

I'm not sure what you mean by "login module", but if you wrote login-handling code as part of your webapp, that isn't how the system works. Container-managed security is exactly what its name says it is. The security is part of the container. It is customized by selecting a Realm in either server.xml or in a webapp's Context element. The login page is presented automatically when a user requests a protected resource (as defined in web.xml). The webapp cannot invoke the login itself. If it attempts to use the login form as though it was an ordinary web page, the form will display, but processing will not work because the j_security_check handler was not activated by the container.

So I hope that your javax.security.auth.spi.LoginModule extension is part of some Realm module you coded.
Adhipadhi Rajan
Greenhorn

Joined: Jul 21, 2013
Posts: 7
The webapp cannot invoke the login itself. If it attempts to use the login form as though it was an ordinary web page, the form will display, but processing will not work because the j_security_check handler was not activated by the container.

So I hope that your javax.security.auth.spi.LoginModule extension is part of some Realm module you coded.


Tim,

Yes, it is part of my JAAS realm configurations. I have configured JAAS using jaas.config and context.xml under webapps/myapp/META-INF.

jaas.config:


This com.myapp.login.LoginAction extends javax.security.auth.spi.LoginModule. This is where I have hardcoded my login credentials for testing.

context.xml:



I am not invoking login page or login module by myself. Login page is automatically called when a protected resource is accessed. I have protected a folder 'secure' under webapps/myapp/ as shown in the below web.xml entries :


When I access http://localhost/secure I get the login page. After login, I get directed to error page (shown above in my web.xml entries), could not get any error msg in logs.

Hope I have provided all necessary details. Please let me know if I need to give any more additional info.
Adhipadhi Rajan
Greenhorn

Joined: Jul 21, 2013
Posts: 7
This happened when I changed my webapp as the default webapp using <Context path="" debug="6" docBase="myapp" /> in server.xml. When I remove this line from server.xml, everything works fine.


This is the one that causes the issue. I know for sure (through repeated testing).

The above server.xml entry helps me access my webapp as http://localhost/ instead of http://localhost/myapp/.

After this change my com.myapp.login.LoginAction is not being called.

I am looking to know why my jaas configurations are getting disturbed because of this.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

I'm not certain, but I believe that there is a "default webapp" and there's a "root webapp" and the two are not the same. The difference being that if you don't supply recognized context in your URL, it gets sent to the root webapp, but if any webapp (including the root webapp) cannot handle a given URL resource request, then that request is passed on to the default webapp (default servlet). Which is where, for example, directory listings come from.

The context path for the root webapp should be "/", not "", if I'm not mistaken.
Adhipadhi Rajan
Greenhorn

Joined: Jul 21, 2013
Posts: 7
The context path for the root webapp should be "/", not "", if I'm not mistaken.


Hope you are talking about the server.xml entry.



When i make this change, http://localhost/ is accessing the 'ROOT' app instead of 'myapp' app.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16137
    
  21

This is one of those things where it would probably make sense to me if I actually was working with the application source.

I recommend a careful reading of the documentation in http://tomcat.apache.org/tomcat-6.0-doc/config/context.html . Or its equivalent for whichever version of Tomcat you are using.

Note that they very specifically warn against defining Context in server.xml. Also note that in Tomcat 6 (at least), the actual webapp context is not based on what you coded in the Context element, but is taken from the context file name within conf/Catalina/localhost.

Although not specifically stated, the docs imply that a Context path of ("" or "/") should both reference ROOT. However, see the preceding paragraph.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: tomcat <form-error-page>