• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

How does the "j_security_check" work?

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On page 78 of the Java Servlet Spec (v.2.3), it discusses the necessity of using "j_security_check" as the action attribute of for a login form. I have seen this used in code here at work, but when I try and use it myself for an application I'm developing, I get a 404 page not found error (because there is no page named "j_security_check").
Can anyone explain to me how this login mechanism is supposed to work? I've been doing web development for 3 years, but I'm really in the dark on this topic.
 
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
I look for informations also on j_security_check.
What I understood it is that he allows to protect resources JSP.
In the web.xml file are indicated the JSPs (login.jsp and error.jsp) the security constraints...
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
< !-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
< !-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
< !-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
< !-- Form-based login is enabled by default. If you wish to<br /> try Basic authentication, comment out the <login-config><br /> section below and uncomment the one above.<br /> -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication</realm-name>
<form-login-config> <form-login-page>/jsp/security/login/login.jsp</form-login-page> <form-error-page>/jsp/security/login/error.jsp</form-error-page>
</form-login-config>
</login-config>

For Tomcat 3.2 it exists a file tomcat-users.xml in the conf directory to indicate the user/password pairs.

My form login.jsp.

http://Server:8080/jsp/security/login/login.jsp]http://Server:8080/jsp/security/login/login.jsp

After submit the request arrives on Server (http://Server:8080/jsp/security/login/j_security_check) it gets fields j_username
and j_password and checks if the username/password pair is OK (see org.apache.tomcat.request.AccessInterceptor.java). If OK, it sends back towards the client the new location.
Server side: 1-incoming Http://Server:8080/jsp/security/login/j_security_check]Http://Server:8080/jsp/security/login/j_security_check
HTTP/1.0 302 Found
2-outcoming: it sends back towards the client the new location.
Location: http://Server:8080/jsp/security/protected/index.jsp
Pierre-Fran�ois Lemosquet
pf.lemosquet@wokup.com
Wokup! http://www.wokup.com


[This message has been edited by Pierre-Fran�ois Lemosquet (edited August 17, 2001).]
 
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your response was parsed. Please post it again inside a pre tag and escape < with &lt;
 
Skool. Stay in. Smartness. Tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic