• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

j_security_check not working with flash

 
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I have a problem authenticating my users with j_security_check interworking with a flash on my login.jsp page.

Here is how things go:

I use j_security_check method to authenticate my users.
As a result, I have assigned a login.jsp page where I have a login form and at the top of the page a menu developed with flash:

..::1 - Login Form::..
<form method='POST' action='j_security_check'>
Username:<input type='text' name='j_username'><br>
Password:<input type='password' name='j_password'><br>
<input type='submit' value='Log In'>
</form>

..::2 - Menu Flash::..
<embed src="testMenu.swf"
quality="high"
width="531"
height="50">
</embed>

When the user is prompt to login, then inserts the correct username - password.
But after submit, the authentication method fails and the error page appears from Tomcat:

HTTP Status 404 - /...../j_security_check
type Status report
message /...../j_security_check
description The requested resource (/...../j_security_check) is not available.


Then I simply remove my flash menu and the whole login procedure of the user is performed correctly!!!
This means that flash caused the error in this page!!!

Is there a way I can have in my login.jsp page my flash menu and perform the login successfully?

Thanks in Advance for the answer,
papado.
 
Saloon Keeper
Posts: 25477
180
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You cannot call j_security_check directly and expect it to work. That mechanism belongs to the application server (Tomcat), and the required context only exists when Tomcat itself feels the need to present the login page. That is, when you submit a security-restricted URL (as defiend in web.xml).

I heartily discourage putting any sort of menu on a login page. The act of selecting from a menu is also the act of sending a web request, which means that the user is attempting to short-circuit the login, since you can't do 2 submits at the same time (menu and login form). So, if you'd actually succeeded, you'd have an insecure application where people could hack their way past the login. Though that would also indicate a security bug in Tomcat, and no such bug is known to exist, so either you'd have access denied or the menu operation would not be performed, depending on how you coded the page.
 
bill Papadopoulos
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

First, I would like to thank you for your suggestions.

Sooner or later a bacame to understand that the "error" that occurs in my web app about jsp pages that contain flash (not necessary flash menu, but also some other flash files in order to make "nicer" my web app) really causes wayward behavior in those jsp pages.

But later, from another persons advice, I realized that this happens when flash files are included into protected folders.
Then, I removed those flash files out of the protected folder, and everything worked OK.

Thank you again for the advice about security on my web app!

Best Regards,
Vasilis Papadopoulos.
 
Do not set lab on fire. Or this tiny ad:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic