• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Form authentication restricting access to login form?

 
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have Tomcat 6.0.14 installed on my laptop, and I have a web application installed as ROOT. Here is an excerpt of the app's web.xml file:


In all cases, I am using http://localhost:8080 as the URL I am trying to access with my Firefox browser.

Intermittently, I am seeing the following behavior. I enter the URL, and my login form appears. I submit the form, and my login form reappears with the text fields now blank. If I ignore the second re-appearance of the login form, and instead enter my web site's URL, I am served the home page for my web site. If I don't ignore the second appearance of the login form, and instead fill it out (again) and submit it, I get a 404 error message telling me that the requested resource (j_security_check) is not available.

Since this is an intermittent problem, I have at other times tried to access the URL, got the login page, filled it out and submitted it, and then am served my site's home page as expected. However, right now I am more likely to get served the login page twice than for things to go smoothly.


I have tried using a login form that is a jsp file, without restricting access to such files, and as you can see, right now I am using a .htm file for the login file, while restricting access to .html files. In either case, I get this intermittent problem.

By the way, when I moved the site from my laptop to a test server running an earlier version of Tomcat, the problem almost completely disappeared.

Deb

[ February 06, 2008: Message edited by: deb platt ]
[ February 11, 2008: Message edited by: Bear Bibeault ]
 
deb platt
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Since my original post, I have tried going through the authentication process repeatedly using the Internet Explorer browser. Using IE, everything works as it should: I'm shown the login form, I am authenticated, I am shown the home page.

When I try to access my site using firefox, I am shown the login form, I am authenticated, I am shown a newly empty login form again.

Could this be a bug in firefox or tomcat? I am still a greenhorn, so in general I assume that any problems I encounter reflect some lack of understanding on my part. However, in this case I don't understand why authentication is working as expected under IE, but not firefox.

Deb
 
deb platt
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It turns out that it was a bug in Tomcat, bug 43687. A patch which fixed the problem became part of Tomcat, release 6.0.16, which was just released several days ago.

Apparently the intermittent nature of the problem which I originally reported was due to using different browsers.
[ February 11, 2008: Message edited by: deb platt ]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic