This week's book giveaway is in the Programmer Certification forum.
We're giving away four copies of OCP Oracle Certified Professional Java SE 21 Developer Study Guide: Exam 1Z0-830 and have Jeanne Boyarsky & Scott Selikoff on-line!
See this thread for details.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Security Form login problem

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, I have a problem when using a FORM authentication method in my web app.

my DD is as follow:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/loginPage.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>

I have no problem to trigger the loginPage.html, when I try to accessed a authentication required servlet that uses a doPost() method without doGet().

When I typed in a invalid username/password pair, it go to loginError.html page.

However, when I typed in a valid username/password pair, I will be forward to a error page

--> HTTP 405 : HTTP method GET is not supported by this URL

But when i use the same browser and try to access the same servlet again, it went through with no problem and generate the expected output.

Can anyone please tell me what happen? I use Tomcat 5.0.28
 
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am not much clear on ur question can us paste ur servlet code ..?

and i need to know whether u set the page transition for the sucess case i.e user enter the loginid/pass as a correct one ..?
 
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is your <form> element (in HTML or JSP) has method attribute with "POST" value?
 
Marco Fung
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is the servlet code:

package com.example.web;

import com.example.model.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;

public class BeerSelect extends HttpServlet{

public void doPost(HttpServletRequest req, HttpServletResponse res)
throws IOException, ServletException{

res.setContentType("text/html");
PrintWriter out = res.getWriter();

out.println("Beer Selection Advice<br>");
String c = req.getParameter("COLOR");

BeerExpert be = new BeerExpert();
List result = be.getBrands(c);

req.setAttribute("styles", result);

RequestDispatcher view = req.getRequestDispatcher("result.jsp");
view.forward(req, res);

}
}

And this is my DD:

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsl="http://www.w3.org/2001/XMLSchema-instance"
xsl:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<security-constraint>
<web-resource-collection>
<url-pattern>/SelectBeer.do</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>member</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<security-role>
<role-name>member</role-name>
<role-name>guest</role-name>
</security-role>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/loginPage.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>

<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/errorPage.jsp</location>
</error-page>

<servlet>
<servlet-name>Ch3 Beer</servlet-name>
<servlet-class>com.example.web.BeerSelect</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>Ch3 Beer</servlet-name>
<url-pattern>/SelectBeer.do</url-pattern>
</servlet-mapping>

<context-param>
<param-name>mainEmail</param-name>
<param-value>main@abc.com</param-value>
</context-param>
</web-app>

And this is my loginPage.html:

<html><body>
Please login:

<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="Enter">
</form>

</body></html>
 
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The problem isn't you but Tomcat5.
It incorrectly handles the combination between form based authentication and post method. So when you correctly type in your user and password it authenticate correctly but then generates a GET request instead of the POST request. Because the doGet is not implemented you receive an error. if you implement the doGet() it should work fine. Or change the authentication mode (to BASIC) and restart Tomcat

Bye.
 
Dinner will be steamed monkey heads with a side of tiny ads.
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic