jQuery in Action, 2nd edition*
The moose likes Tomcat and the fly likes Form authentication restricting access to login form? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Products » Tomcat
Bookmark "Form authentication restricting access to login form?" Watch "Form authentication restricting access to login form?" New topic
Author

Form authentication restricting access to login form?

deb platt
Ranch Hand

Joined: Jan 23, 2008
Posts: 44
I have Tomcat 6.0.14 installed on my laptop, and I have a web application installed as ROOT. Here is an excerpt of the app's web.xml file:


In all cases, I am using http://localhost:8080 as the URL I am trying to access with my Firefox browser.

Intermittently, I am seeing the following behavior. I enter the URL, and my login form appears. I submit the form, and my login form reappears with the text fields now blank. If I ignore the second re-appearance of the login form, and instead enter my web site's URL, I am served the home page for my web site. If I don't ignore the second appearance of the login form, and instead fill it out (again) and submit it, I get a 404 error message telling me that the requested resource (j_security_check) is not available.

Since this is an intermittent problem, I have at other times tried to access the URL, got the login page, filled it out and submitted it, and then am served my site's home page as expected. However, right now I am more likely to get served the login page twice than for things to go smoothly.


I have tried using a login form that is a jsp file, without restricting access to such files, and as you can see, right now I am using a .htm file for the login file, while restricting access to .html files. In either case, I get this intermittent problem.

By the way, when I moved the site from my laptop to a test server running an earlier version of Tomcat, the problem almost completely disappeared.

Deb

[ February 06, 2008: Message edited by: deb platt ]
[ February 11, 2008: Message edited by: Bear Bibeault ]
deb platt
Ranch Hand

Joined: Jan 23, 2008
Posts: 44
Since my original post, I have tried going through the authentication process repeatedly using the Internet Explorer browser. Using IE, everything works as it should: I'm shown the login form, I am authenticated, I am shown the home page.

When I try to access my site using firefox, I am shown the login form, I am authenticated, I am shown a newly empty login form again.

Could this be a bug in firefox or tomcat? I am still a greenhorn, so in general I assume that any problems I encounter reflect some lack of understanding on my part. However, in this case I don't understand why authentication is working as expected under IE, but not firefox.

Deb
deb platt
Ranch Hand

Joined: Jan 23, 2008
Posts: 44
It turns out that it was a bug in Tomcat, bug 43687. A patch which fixed the problem became part of Tomcat, release 6.0.16, which was just released several days ago.

Apparently the intermittent nature of the problem which I originally reported was due to using different browsers.
[ February 11, 2008: Message edited by: deb platt ]
 
GeeCON Prague 2014
 
subject: Form authentication restricting access to login form?