All,
My solution was to bypass it all together. I wanted to use that realm in order to
enable single sign on for multiple webapps. After a week of struggling with problems
exactly like you described, I finally gave up. After thinking for a few minutes I
guessed (correctly) that single sign on after authentication can be accomplished
easily by setting a cookie (which is what the catalina code does) since a cookie can
easily survive between calls to different webapps. I had already had code in my
servlet and jsp pages to check for a logged In object in the users session. I just
modified it slightly to check for the cookie as well. It works great and I don't have
any of the issues of redirecting to pages that come with using the form based
authentication.
mike/
-Original Message-
From: Maxime Colas des Francs [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 8:43 AM
To: Tomcat Users List
Subject: HTTP 404 on j_security_check
Hi
I use a Form based authentification in web.xml :
[...]
login-config
auth-methodFORM/auth-method
realm-nameAuthentication Area/realm-name
form-login-config
form-login-page/login.jsp/form-login-page
form-error-page/login_failed.jsp/form-error-page
/form-login-config
/login-config
[...]
in login.jsp :
[...]
form method=GET action=j_security_check
input type=text name=j_username
input type=password name=j_password
/form
[...]
authentification works great but after, if i click on the Back button of
my browser to go back on the login page
and i try the authentification again, Tomcat launch a HTTP 404 error on
/j_security_check
(page refresh don't change anything)
in access.log (i protect /pages/* and login form is in /login.jsp):
10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] GET /pages/home.jsp HTTP/1.1
302 764
10.20.0.7 - - [10/Sep/2002:11:01:15 -0500] GET /login.jsp HTTP/1.1 200
7070
10.20.0.7 - - [10/Sep/2002:11:01:21 -0500] GET
/j_security_check?j_username=bobj_password=bob HTTP/1.1 302 764
10.20.0.7 - bob [10/Sep/2002:11:01:23 -0500] GET /pages/home.jsp HTTP/1.1
200 5018
here, all is ok , i'm authentified as bob (i think that 302 HTTP return code
is a good thing ? servlet redirection ??)
now i click on back button and attempt to re-authentifiate bob and ...
10.20.0.7 - bob [10/Sep/2002:11:01:29 -0500] GET
/j_security_check?j_username=bobj_password=bob HTTP/1.1 404 734
404 error ...
Do you have a solution ?
Thanks a lot.
(bilingue english/french)
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
