... this is one of many frustrations that I found while experimenting with singleSignOn, realms, and defining secured areas in the webapp. The main crux of the problem is that when you submit to /j_security_check there is no way to also specify where tomcat should redirect to. This works ok for simple cases. Example:

1) try to go to a secure page.
2) tomcat intercepts and displays login page
3) user submits login page, tomcat displays where user was trying to go in step #1

But when you start talking about using the back button, having servlets redirect to pages, having jsps redirect to pages, tomcat gets confused as to where to go after authenticating the user. Personally, I've given up on it. So far it's been a lot of work without much benefit. So instead, I'm going to set a cookie myself at path "/" and use that to authenticate users over multiple webapps, which should be what the single sign on valve is doing anyway.

<mike/>

-----Original Message-----
From: Dick de Jong [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 7:58 AM
To: '[EMAIL PROTECTED]'
Subject: The requested resource (/login/j_security_check) is not available

Dear all,

I've installed tomcat4.0 and a simple website used for testing authentication (JNDI Realm). I have the following problem. The authentication (against LDAP) works fine. I'm redirected to the index.htm page (simple main page). But when I press the back button and go back to the login page and try to login again, I get the following error message (this does NOT happen when I explicitly logout (session.invalidate()) before). Does anyone know whether this is a config error from my side or a bug in tomcat? I prefer a declarative authentication above a programmatic authentication.

Error message:

    Apache Tomcat/4.0.3 - HTTP Status 404 - /login/j_security_check
    type Status report
    message /login/j_security_check
    description The requested resource (/login/j_security_check) is not available.

I'm using the following data:

==> website structure

    tomcat4.0
      /conf
        /server.xml
      /webapps
        /TestLogin
          /WEB-INF
            /web.xml
          /index.htm
          /login
            /login.jsp

==> server.xml (Realm setup):

    <Context path="/TestLogin" docBase="TestLogin" debug="99"
             reloadable="true" useNaming="true">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldap://localhost:389"
             connectionName="cn=Directory Manager"
             connectionPassword="mypwd"
             debug="99"
             roleBase="ou=Accounts,dc=mycompany,dc=com"
             roleName="cn"
             roleSearch="(eeuniquemember={0})"
             roleSubtree="false"
             userPattern="cn={0},ou=Members,dc=mycompany,dc=com"
             userPassword="userPassword" />
    </Context>

==> web.xml

    <web-app>
      <welcome-file-list>
        <welcome-file>index.htm</welcome-file>
      </welcome-file-list>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name></web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <description></description>
          <role-name>4</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login/login.jsp</form-login-page>
          <form-error-page>/login/login.jsp</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>4</role-name>
      </security-role>
    </web-app>

==> login.jsp page

    <html>
    <head>
    <title>Login</title>
    <%-- Invalidate the session when the page is requested with ?mode=... (the Log Out link) --%>
    <%
      if (request.getParameter("mode") != null) {
        session.invalidate();
      }
    %>
    </head>
    <body bgcolor="white">
    <form method="POST" action='j_security_check' >
      <table border="0" cellspacing="5">
        <tr>
          <th align="right">Username:</th>
          <td align="left"><input type="text" name="j_username"></td>
        </tr>
        <tr>
          <th align="right">Password:</th>
          <td align="left"><input type="password" name="j_password"></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Log In"></td>
          <td align="left"><input type="reset"></td>
        </tr>
        <tr>
          <td align="right"><a href="http://localhost:8080/TestLogin/login/login.jsp?mode=logout">Log Out</a></td>
          <td align="left"> </td>
        </tr>
      </table>
    </form>
    </body>
    </html>

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
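
Added example, not part of either message and not Tomcat code: a cookie set at path "/" to carry a login across webapps, as the reply proposes, can only be trusted if every webapp can check that the value was issued by the login code and has not expired. The class name, token layout, shared key and sample user are assumptions made for this sketch; it needs Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper: signed, expiring value for a cross-webapp login cookie. */
public class SsoCookieToken {
    private final byte[] key;   // secret shared by every webapp that trusts the cookie

    public SsoCookieToken(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Cookie value layout: base64url(user) "." expiryEpochSeconds "." base64url(HMAC). */
    public String issue(String user, long expiresAt) throws Exception {
        String u = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(user.getBytes(StandardCharsets.UTF_8));
        String payload = u + "." + expiresAt;
        return payload + "." + sign(payload);
    }

    /** Returns the user name, or null if the value is malformed, forged or expired. */
    public String verify(String token, long now) throws Exception {
        int cut = token == null ? -1 : token.lastIndexOf('.');
        if (cut < 0) return null;
        String payload = token.substring(0, cut);
        byte[] given = token.substring(cut + 1).getBytes(StandardCharsets.UTF_8);
        byte[] expected = sign(payload).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null;  // constant-time compare
        // The payload is authenticated from here on, so it has the layout issue() produced.
        String[] parts = payload.split("\\.");
        if (parts.length != 2 || Long.parseLong(parts[1]) <= now) return null;
        return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and user, for demonstration only.
        SsoCookieToken t = new SsoCookieToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String value = t.issue("alice", now + 1800);
        System.out.println("valid:    " + t.verify(value, now));
        System.out.println("tampered: " + t.verify(value + "x", now));
        System.out.println("expired:  " + t.verify(value, now + 3600));
    }
}
```

A webapp that receives the cookie calls verify() on every request and treats null as "not logged in"; the cookie itself should be sent with the HttpOnly and Secure attributes.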