Programatic JAAS login in Tomcat 6.0.26!
Hello, I'm using Tomcat 6.0.26 and java 1.5 SDK and I'm trying to implement a programmatic login in tomcat. I'm using JAAS for the container based security. Is there anyone that has done this before? I've tryied to bypass it by making a post with the username and the password in this request http://localhost:8080/acm/flex/j_security_checkusername=testpassword=test but it seems that Tomcat caches this request and then expects another request. I don't know what else to do. Please help! Thanks!!!
Re: Programatic JAAS login in Tomcat 6.0.26!
Hi Mikolaj and Mark, Thanks for the replay. The problem is that I read the specifications and I still don't know how to push the login details and the request for the main page in one call. The fact is that I need to open a browser from a swing app with the main page for my other application(that uses JAAS) programatic. So the real problem is how do push the request from the swing app to open an browser with an authenticated user and the main page from my other app. Because as I already said I cannot push to the application that uses JAAS my login credentials and the request to my main app. So I push the credentials as I already said but HTTP Status 400 - Invalid direct reference to form login page because I have no initial request with my main page, so that Tomcat can restore it. I cannot use JSP, my login page is a simple html page. Thanks a lot for your time! From: Mikolaj Rydzewski m...@ceti.pl To: Tomcat Users List users@tomcat.apache.org Sent: Thu, January 20, 2011 5:53:04 PM Subject: Re: Programatic JAAS login in Tomcat 6.0.26! On Thu, 20 Jan 2011 15:16:15 +, Mark Thomas ma...@apache.org wrote: Read up on FORM auth in the Servlet spec. There is a specific sequence of events that looks roughly like (for a successful auth): 1. Browser sends original request 2. Server saves request, creates session and responds with login page 3. Browser sends login details to server 4. Server validates login details 5. Server restores saved request and processes it 6. Server sends response to original request to browser. Hi Mark, That explains problem some people complain about: When you invalidate session in second step, server is not able to restore previous request and leaves user with the same login form with URL /j_security_check. Real problem is, that now cryptic error appears: HTTP Status 400 - Invalid direct reference to form login page. It's enough for user to open login form page, wait until session invalidates due to inactivity time, then try to login. One solution is to use HttpSession.isNew() check on login JSP page and perform redirect to e.g. to main page. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Programatic JAAS login in Tomcat 6.0.26!
How do I set it?Is it a configuration is my deployment descriptor or in the server.xml file?In tomcat 7 .. Thanks!
Re: HTTP Status 408!
Can you provide a hint on how to perform automatic login using BASIC authentication? Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my custom class Thanks! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 7:52:40 PM Subject: Re: HTTP Status 408! On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users
Re: HTTP Status 408!
Thanks Pid for your time and answers. Clearly that is not an option for me...I'll wait for Tomcat 7 then :) Thanks! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tue, June 22, 2010 3:41:02 PM Subject: Re: HTTP Status 408! On 22/06/2010 13:25, neo21 zerro wrote: Can you provide a hint on how to perform automatic login using BASIC authentication? Did you look at the link I sent? Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my custom class FormAuthenticator is a Valve, it is automatically added to the Valve pipeline for each Context it's used with. Look at the source for FormAuthenticator. You can manually define your own Authenticator implementation, in META-INF/context.xml. ?xml version=1.0 encoding=UTF-8? Context ... reloadable=true WatchedResourceWEB-INF/web.xml/WatchedResource Valve className=my.package.MyAuthenticator / /Context N.B. Use your own Authenticator and you'll have to make sure every Tomcat upgrade is thoroughly checked for changes to the related classes. Tomcat 7.0 will have programmatic login as it implements Servlet 3.0, so you might only need to do this is a temporary measure. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 7:52:40 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21
Re: HTTP Status 408!
Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make programmaticaly just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? Thanks!!! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 5:30:00 PM Subject: Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); URLConnection yc = protectedResource.openConnection(); BufferedReader in = new BufferedReader( new InputStreamReader( yc.getInputStream())); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 6:19:44 PM Subject: Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org mailto:ma...@apache.org To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org mailto:users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org mailto:users-h...@tomcat.apache.org
Re: HTTP Status 408!
I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
Hello Pid , Thanks for your time! I put this in my web.xml : session-config session-timeout30/session-timeout !-- 30 minutes -- /session-config From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Hello, this is my login.html page: FORM ACTION=j_security_check METHOD=POST input id=username type=text size=20 name=j_username AUTOCOMPLETE=OFF input type=password size=20 name=j_password AUTOCOMPLETE=OFF input type=submit name=login value=Login From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 4:34:11 PM Subject: RE: HTTP Status 408! the form-login-page login.html *should* contain the j_security parameters for your login form e.g.: form method=POST action=j_security_check input type=text name=j_username input type=text name=j_password input type=submit value=Log in /form is this the case? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Thu, 10 Jun 2010 06:19:36 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org; p...@pidster.com Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error
Re: HTTP Status 408!
Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? Thanks for your time! From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 4:46:16 PM Subject: Re: HTTP Status 408! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Neo21, On 6/9/2010 4:52 PM, neo21 zerro wrote: I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. Are you trying to login without having first requested a protected page? The behavior you describe is how Tomcat acts if it's not expecting a login, but gets one anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwQ7KgACgkQ9CaO5/Lv0PCQIACcDLKAA/VzAlElHHTknzz8XjCW XUcAoLnJOKG/tNhcGf0O2FOIvSrDH9Ss =fnzD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HTTP Status 408!
Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! Thank you very much!!!