• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Tim Cooke
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • paul wheaton
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown
  • Piet Souris
Bartenders:
  • Stephan van Hulst

Doubt in custom form login page for authentication

 
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

Question:
The following web page is defined as the custom form login page for authentication.
Assuming that you have attempted to access a protected resource and been redirected to
this web page, what is the result of filling in the user name and password fields and pressing
submit? (Choose one.)

<html>
<head><title>Login Form</title></head>
<body>
<form action="jsecuritycheck" method="POST">
<br />Name: <input type="text" name="jusername" />
<br />Password: <input type="password" name="jpassword" />
<br /><input type="submit" value="Log In" />
</form>
</body>
</html>

A. You will not be redirected to this page in the first place.
B. HTTP 401 or 403 error (forbidden /not authorized).
C. HTTP 404 error (page not found).
D. HTTP 500 error (server error).
E. The page is redisplayed.

Correct Answer specified in Book : E

Explanation :

The key to the question is noticing that the form HTML has
something close to the right values for the form action, user name, and password fields�but
not close enough. The proper attribute values have underscores: j_security_check, j_username, j_password. So the form submits to the server. Instead of (as you might expect) an HTTP 404 error (because the resource jsecuritycheck doesn�t exist), the server sees that no authorization data has been provided, so it simply redirects to the log-in page again.

But when I tried the same program I got HTTP 404 error. Please can anybody clarify this?

regards,
G. Kamal
 
Ranch Hand
Posts: 110
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Did you configure login-config in web.xml?
 
kamalakannan kamal
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, I did. When I tried to access the protected resource, it redirects to the custom login page and I gave correct username and password. Instead of getting the same login page as mentioned in the answer for this question, I got HTTP 404 error saying jsecuritycheck is not found.
 
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Show us your security-constraint
 
kamalakannan kamal
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is my full web.xml content

<web-app>
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>LoginServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/LoginServlet</url-pattern>
</servlet-mapping>

<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/LoginServlet</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login/LoginForm.html</form-login-page>
<form-error-page>/Error/ErrorForm.html</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>
</web-app>
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE VI Editor Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think that the mock was assuming that all resources would be protected (but nothing is written in the question). In your case, you receive a 404 because the form action is not accessing a protected resource.
 
Is that a spider in your hair? Here, threaten it with this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic