Admin tool: "Invalid direct reference to form login"

 
Ranch Hand
Posts: 1056
When I try to log into the Tomcat Admin tool (http://localhost:8080/admin/login.jsp), I get this error:


HTTP Status 400 - Invalid direct reference to form login page
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


This happens if I try to log in as any of the users defined in my tomcat-users.xml file, as long as I provide a correct username and password. It does not matter whether or not the user has been defined to include the "admin" role.
If I use an invalid username or password, I (properly) get a page telling me so, with a link back to the login form to try again.
What is configured incorrectly here, and how do I fix it?

 
Ranch Hand
Posts: 3695
It has to do with container managed security...

If you go directly, with no intermediate page, to the login page, the container will not know where to direct "after". You have to first hit a protected page (like http://localhost:8080/admin) and when it re-directs you to login.jsp, it will know that you then want to go to /admin after a successful login.

When you go directly there and fail, it knows enough to send appropriate error messages and whatnot, but as soon as you succeed, you will need to have "come from somewhere else" so it knows where to send you next.

Did that make sense?
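
The behaviour described in the reply above, as a simplified model (an added example, not code from the thread or from Tomcat). The class, method names, session ids and the `USERS` table are hypothetical and constructed for illustration; only the order of checks and the error text follow what the thread reports.

```python
import hmac

# Simplified model of servlet FORM authentication. Hypothetical names, not Tomcat source.
USERS = {"ron": "secret"}  # constructed stand-in for tomcat-users.xml

class FormAuthModel:
    def __init__(self):
        self.sessions = {}  # session id -> per-session state

    def get(self, sid, path):
        s = self.sessions.setdefault(sid, {})
        if path == "/admin/login.jsp":
            return 200, "login form"       # direct hit: no original request is saved
        if "user" in s:
            return 200, path               # already authenticated
        s["saved_request"] = path          # remember where the user wanted to go
        return 200, "login form"

    def post_j_security_check(self, sid, username, password):
        s = self.sessions.setdefault(sid, {})
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return 200, "error page"       # credentials are checked first
        target = s.pop("saved_request", None)
        if target is None:                 # valid login, but no saved request to return to
            return 400, "Invalid direct reference to form login page"
        s["user"] = username
        return 302, target

def demo():
    c = FormAuthModel()
    results = {}
    c.get("A", "/admin/login.jsp")         # login page opened directly
    results["direct_bad"] = c.post_j_security_check("A", "ron", "wrong")
    results["direct_good"] = c.post_j_security_check("A", "ron", "secret")
    c.get("B", "/admin")                   # protected page first, same session
    results["protected_first"] = c.post_j_security_check("B", "ron", "secret")
    c.get("C", "/admin")
    # Form posted on a different session id than the one that saved the request
    results["session_lost"] = c.post_j_security_check("D", "ron", "secret")
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Because the saved request is kept per session in this model, the last case returns the same 400 even though a protected page was requested first.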
 
Ron Newman
Ranch Hand
Posts: 1056
But I'm not going to the login form directly. This happens when I go to http://localhost:8080/admin .
 
Ranch Hand
Posts: 1179
Do you have a user in 'tomcat-users.xml' with 'admin' role?
If not, add one...
Rene
 
Ron Newman
Ranch Hand
Posts: 1056
Yes, I do (and did).
 