Re: HTTP 404 on j_security_check

2002-09-11 Thread Rick Fincher 

That is correct behavior.  You cannot access the j-security_check page
directly.  You hava to access one of you regular pages and Tomcat will go to
your form page.

Rick
- Original Message -

> Hi
>
>  I use a Form based authentification in web.xml :
> [...]
> 
> FORM
>  Authentication Area
>  
>  /login.jsp
>  /login_failed.jsp
>  
> 
>  [...]
>
> in login.jsp :
> [...]
> 
> 
> 
> 
> [...]
>
> authentification works great but after, if i click on the "Back"  button
of
> my browser to go back on the login page
> and i try the authentification again, Tomcat launch a HTTP 404 error on
> /j_security_check
>  (page refresh don't change anything)
>
> in access.log (i protect /pages/* and login form is in /login.jsp):
>
> 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /pages/home.jsp HTTP/1.1"
> 302 764
> 10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /login.jsp HTTP/1.1" 200
> 7070
> 10.20.0.7 - - [10/Sep/2002:11:01:21 -0500] "GET
> /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 302 764
> 10.20.0.7 - bob [10/Sep/2002:11:01:23 -0500] "GET /pages/home.jsp
HTTP/1.1"
> 200 5018
>
> here, all is ok , i'm authentified as bob (i think that 302 HTTP return
code
> is a good thing ? servlet redirection ??)
> now i click on back button and attempt to re-authentifiate bob and ...
>
> 10.20.0.7 - bob [10/Sep/2002:11:01:29 -0500] "GET
> /j_security_check?j_username=bob&j_password=bob HTTP/1.1" 404 734
>
> 404 error ...
>
> Do you have a solution ?
>
> Thanks a lot.
>
> (bilingue english/french)
>
> --
> To unsubscribe, e-mail:

> For additional commands, e-mail:

>
>


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

RE: HTTP 404 on j_security_check

2002-09-11 Thread Michael Remijan 

All,

My solution was to bypass it all together.  I wanted to use that realm in order to 
enable single sign on for multiple webapps.  After a week of struggling with problems 
exactly like you described, I finally gave up.  After thinking for a few minutes I 
guessed (correctly) that single sign on after authentication can be accomplished 
easily by setting a cookie (which is what the catalina code does) since a cookie can 
easily survive between calls to different webapps.  I had already had code in my 
servlet and jsp pages to check for a "logged In" object in the users session.  I just 
modified it slightly to check for the cookie as well.  It works great and I don't have 
any of the issues of redirecting to pages that come with using the form based 
authentication.



-Original Message-
From: Maxime Colas des Francs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 8:43 AM
To: Tomcat Users List
Subject: HTTP 404 on j_security_check


Hi

 I use a Form based authentification in web.xml :
[...]

FORM
 Authentication Area
 
 /login.jsp
 /login_failed.jsp
 

 [...]

in login.jsp :
[...]




[...]

authentification works great but after, if i click on the "Back"  button of
my browser to go back on the login page
and i try the authentification again, Tomcat launch a HTTP 404 error on
/j_security_check
 (page refresh don't change anything)

in access.log (i protect /pages/* and login form is in /login.jsp):

10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /pages/home.jsp HTTP/1.1"
302 764
10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] "GET /login.jsp HTTP/1.1" 200
7070
10.20.0.7 - - [10/Sep/2002:11:01:21 -0500] "GET
/j_security_check?j_username=bob&j_password=bob HTTP/1.1" 302 764
10.20.0.7 - bob [10/Sep/2002:11:01:23 -0500] "GET /pages/home.jsp HTTP/1.1"
200 5018

here, all is ok , i'm authentified as bob (i think that 302 HTTP return code
is a good thing ? servlet redirection ??)
now i click on back button and attempt to re-authentifiate bob and ...

10.20.0.7 - bob [10/Sep/2002:11:01:29 -0500] "GET
/j_security_check?j_username=bob&j_password=bob HTTP/1.1" 404 734

404 error ...

Do you have a solution ?

Thanks a lot.

(bilingue english/french)

--
To unsubscribe, e-mail:   
For additional commands, e-mail: 




--
To unsubscribe, e-mail:   
For additional commands, e-mail: