/appweb/privado/j_security_check
Asking in other forums, I read that " when you use JEE-standard
Container
security, the user should not explicitly request the login/loginfail
pages.
It won't work right."
That is correct. Some implementations have additional configuration
options so this
ssion session = request.getSession();
session.invalidate();
request.getRequestDispatcher("/login.jsp").forward(request, response);
then if same user try to login, this launch something like this:
http://localhost:8080/appweb/privado/j_security_check
Asking in other forum
ssion();
session.invalidate();
request.getRequestDispatcher("/login.jsp").forward(request, response);
then if same user try to login, this launch something like this:
http://localhost:8080/appweb/privado/j_security_check
Asking in other forums, I read that " when you use JEE-standar
From: Christopher Schultz
Sent: Sunday, March 17, 2024 10:57 AM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: 404 for j_security_check
[You don't often get email from ch...@christopherschultz.net. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Rick,
On 3/1
Sent: Sunday, March 17, 2024 10:57 AM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: 404 for j_security_check
[You don't often get email from ch...@christopherschultz.net. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Rick,
On 3/15/24 13:49, Rick Noel
---
From: Christopher Schultz
Sent: Friday, March 15, 2024 12:19 PM
To: users@tomcat.apache.org
Subject: [EXT]Re: 404 for j_security_check
[You don't often get email from ch...@christopherschultz.net. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Rick,
l
Systems Programmer | Westwood One
rn...@westwoodone.com
-Original Message-
From: Christopher Schultz
Sent: Friday, March 15, 2024 12:19 PM
To: users@tomcat.apache.org
Subject: [EXT]Re: 404 for j_security_check
[You don't often get email from ch...@christopherschultz.net. Learn
Rick,
On 3/14/24 15:37, Rick Noel wrote:
After moving from tomcat 9 to tomcat 10 after a user successfully
logs in and then hits a restricted page, the login page is hit again
but on this second login hit I get 404 page not found
This is actually expected, since j_security_check is only
After moving from tomcat 9 to tomcat 10after a user successfully logs in
and then hits a restricted page, the login page is hit again but on this
second login hit I get 404 page not found
How do I set the correct path in my login jsp so that j_security_check is
found?
BTW I actually
Recently, my web application has started having issues with the login
process.
I use Tomcat form authentication against a mysql database. That has been
working fine for years. But recently, there has been an increase in odd
behaviours, particularly getting stuck at the j_security_check page
Helge,
On 7/22/23 11:03, Wiemann, Helge (ESI) wrote:
we are using Tomcat 9 and the still the JDBC Realm for authentication.
Our starting URL (which is protected) ends with “/boot1#index”
The form authentication is then processed through the common url
j_security_check.
But after a
On 7/22/23 12:03, Mark Thomas wrote:
Your target URL is invalid. No user agent should be sending the
fragment (#index) part of the URL. At best Tomcat will ignore it. Later
versions may even reject it (I have a memory of that but don't have easy
acces to the source code to check right now).
22 Jul 2023 17:03:50 Wiemann, Helge (ESI)
:
Hi all,
we are using Tomcat 9 and the still the JDBC Realm for authentication.
Our starting URL (which is protected) ends with “/boot1#index”
The form authentication is then processed through the common url
j_security_check.
But after a
Hi all,
we are using Tomcat 9 and the still the JDBC Realm for authentication.
Our starting URL (which is protected) ends with "/boot1#index"
The form authentication is then processed through the common url
j_security_check.
But after a successful login, he is not redirecting to &q
at 16:20, Dirk Ooms >> <mailto:dir...@gmail.com>> wrote:
> >>
> >> apologies for the incomplete info. it is tomcat 9.0.6
> >>
> >> i will try to set up a test case and get back to you.
> >>
> >> dirk
> >>
> >>
t; <mailto:dir...@gmail.com>> wrote:
>>
>> apologies for the incomplete info. it is tomcat 9.0.6
>>
>> i will try to set up a test case and get back to you.
>>
>> dirk
>>
>>
>> On 1 May 2018 at 16:07, Mark Thomas > <
t; On 01/05/18 14:36, Dirk Ooms wrote:
> > Hello,
> >
> > i did an upgrade from tomcat5.5 to tomcat9 and i'm using
> j_security_check.
> >
> > in tomcat5.5 when a user was not logged in and he/she requested
, Dirk Ooms wrote:
>> > Hello,
>> >
>> > i did an upgrade from tomcat5.5 to tomcat9 and i'm using
>> j_security_check.
>> >
>> > in tomcat5.5 when a user was not logged in and he/she requested a url,
>> the
>> > login page was retu
apologies for the incomplete info. it is tomcat 9.0.6
i will try to set up a test case and get back to you.
dirk
On 1 May 2018 at 16:07, Mark Thomas wrote:
> On 01/05/18 14:36, Dirk Ooms wrote:
> > Hello,
> >
> > i did an upgrade from tomcat5.5 to tomcat9 and i'
On 01/05/18 14:36, Dirk Ooms wrote:
> Hello,
>
> i did an upgrade from tomcat5.5 to tomcat9 and i'm using j_security_check.
>
> in tomcat5.5 when a user was not logged in and he/she requested a url, the
> login page was returned and after logging in the user was given t
Hello,
i did an upgrade from tomcat5.5 to tomcat9 and i'm using j_security_check.
in tomcat5.5 when a user was not logged in and he/she requested a url, the
login page was returned and after logging in the user was given the
requested resource. when i requested request.getRequestURI() in my
On 12 March 2014 20:40, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Neeraj,
>
> On 3/12/14, 10:47 AM, Neeraj Sinha wrote:
> Thanks. Actually in the realm implementation, I make a call to backend
> authenticate () method which validates various login rules and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Neeraj,
On 3/12/14, 10:47 AM, Neeraj Sinha wrote:
Thanks. Actually in the realm implementation, I make a call to backend
authenticate () method which validates various login rules and if any of
them fails, it returns false and the user is not allowe
Hi Chris,
On 12 March 2014 00:37, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Neeraj,
>
> On 3/8/14, 2:06 AM, Neeraj Sinha wrote:
> > Chris,
> >
> > On 7 March 2014 21:43, Christopher Schultz
> > wrote:
> >
> > Neeraj,
> >
> > On 3/6/14, 4:34 AM, Neeraj Sin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Neeraj,
On 3/8/14, 2:06 AM, Neeraj Sinha wrote:
> Chris,
>
> On 7 March 2014 21:43, Christopher Schultz
> wrote:
>
> Neeraj,
>
> On 3/6/14, 4:34 AM, Neeraj Sinha wrote:
I have a jsp application and my tomcat version is 7.0.34.
Authenti
n is
> > *login.jsp* which is configured in *web.xml *and it is called
> > whenever any protected resource is requested. It has username and
> > password fields and it's action is *j_security_check*.
> >
> > Now my problem is how to pass unlock_code, the 3rd
unlocked successfully the user
> should land to home page of the application.
>
> Just to let you know, the main login page of the application is
> *login.jsp* which is configured in *web.xml *and it is called
> whenever any protected resource is requested. It has username and
jsp* which
is configured in *web.xml *and it is called whenever any protected resource
is requested. It has username and password fields and it's action is
*j_security_check*.
Now my problem is how to pass unlock_code, the 3rd parameter of *unlock.jsp*
to *FormAuthenticator *u
original request that started it all, through the full login-error-new login
sequence.
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Sunday, December 01, 2013 4:05 PM
To: Tomcat Users List
Subject: Re: j_security_check error
J. Brian Hall wrote:
I’m
error.jsp (from login.jsp). However, an unsuccessful login
followed by attempting to login with the correct username/password leads to
an HTTP Status 404 j_security_check error that says the requested resource
is not available. Does anyone know what may be wrong? Here are the details
of my
). However, an unsuccessful login
followed by attempting to login with the correct username/password leads to
an HTTP Status 404 j_security_check error that says the requested resource
is not available. Does anyone know what may be wrong? Here are the details
of my configuration.
Software
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tanmoy,
On 2/25/13 12:54 AM, Tanmoy Chatterjee wrote:
> Hello, Tech Stack: Tomcat: 6.0.35 Java: 1.6.0_18 OS: RHEL 5.3
>
> I am using j_security_check (JNDIRealm - LDAP authentication).
>
> On failure I am sending the user to a comm
On 2/25/2013 2:54 AM, Tanmoy Chatterjee wrote:
Hello,
Tech Stack:
Tomcat: 6.0.35
Java: 1.6.0_18
OS: RHEL 5.3
I am using j_security_check (JNDIRealm - LDAP authentication).
On failure I am sending the user to a common error.jsp in the application. On
successful
Hello,
Tech Stack:
Tomcat: 6.0.35
Java: 1.6.0_18
OS: RHEL 5.3
I am using j_security_check (JNDIRealm - LDAP authentication).
On failure I am sending the user to a common error.jsp in the application. On
successful authentication of-course the page requested is displayed
On 18/01/2013 12:01, Tim Watts wrote:
> On 18/01/13 11:45, Mark Thomas wrote:
>> On 18/01/2013 11:07, Tim Watts wrote:
>>> Anyone?
>>
>
> Hi Mark,
>
>> Tomcat doesn't give two hoots about the origin header.
>
> Curious - I wonder how me editing it helped? Unless it caused some
> knockon somewher
On 18/01/13 11:45, Mark Thomas wrote:
On 18/01/2013 11:07, Tim Watts wrote:
Anyone?
Hi Mark,
Tomcat doesn't give two hoots about the origin header.
Curious - I wonder how me editing it helped? Unless it caused some
knockon somewhere.
It does care
about the Host header.
That would m
ith a differenr hostname) is a widely-used
thing, and
I have never heard of this kind of issue before.
May be something specific to j_security_check, I just don't know.
If you stop editing the request headers, and forward the requests via
ProxyPass, do you
get this problem also ?
I will
/2.2/mod/mod_proxy.html#proxypreservehost
Set this to on
Set proxyName="A" anf proxyPort="80" on the connector in server.xml
HTH,
Mark
>
> On 14/01/13 17:24, Watts, Timothy wrote:
>> Hi,
>>
>>
>>
>> Is there a way to *tell* j_security_check that an O
Tim Watts wrote:
Anyone?
On 14/01/13 17:24, Watts, Timothy wrote:
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that
Anyone?
On 14/01/13 17:24, Watts, Timothy wrote:
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that uses
Hi,
Is there a way to *tell* j_security_check that an Origin: header set
(during the login POST request) to a remote server is permitted (and is
not an XSS attack)?
We have a tomcat server T running a tomcat webapp that uses
j_security_check to auth users
(Excuse me - I am not the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rop,
On 12/21/12 4:01 PM, rop wrote:
> I got the responsibility of maintaining a legacy web-application
> running on Tomcat 5.5.36 and using the *j_security_check* feature
> for user-authentication.
Obligatory warning: Tomcat 5.5.x is
I got the responsibility of maintaining a legacy web-application running on
Tomcat 5.5.36 and using the *j_security_check* feature for
user-authentication.
One problem scenario I am looking into:
When you first start the browser and logon to the application, everything
works OK
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chema,
On 10/16/2011 1:55 PM, Chema wrote:
>>
>>
>>
>> Frankly, if you're using Spring Security, I'd stick with it. I
>> myself am thinking of making the switch.
>>
>>
> Yes, I tried it and like it , but I need Single Sign On support and
> the so
>
>
>
> Frankly, if you're using Spring Security, I'd stick with it. I myself
> am thinking of making the switch.
>
>
Yes, I tried it and like it , but I need Single Sign On support and the
solutions what Spring Security offers are complicated to implement by me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chema,
On 10/15/2011 4:18 PM, Chema wrote:
> This is one of the reasons I switched to SecurityFilter: there is
> a
>
>> FlexibleRealmInterface that passes-in the HttpServletRequest that
>> was used to attempt authentication. That allows you to get ni
> From: Chema [mailto:demablo...@gmail.com]
> Subject: Re: filters on j_security_check
> where I can find info about SecurityFilter ?
The first hit on Google...
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use on
This is one of the reasons I switched to SecurityFilter: there is a
> FlexibleRealmInterface that passes-in the HttpServletRequest that was
> used to attempt authentication. That allows you to get nice things
> like the ip address of the request for logging.
>
>
I'm interested on what are talking
On 13/10/2011 20:53, Caldarale, Charles R wrote:
> If you want to do programmatic security in addition to declarative security,
Or use the Servlet 3.0 APIs, supported by Tomcat.
p
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 10/13/2011 2:11 PM, Caldarale, Charles R wrote:
>> From: Alejandro Soto [mailto:smalejan...@gmail.com] Subject: Re:
>> filters on j_security_check
>
>> what i need is to know if the authentication was successful or
>
> From: Alejandro Soto [mailto:smalejan...@gmail.com]
> Subject: Re: filters on j_security_check
> call j_security_check from inside another servlet is
> just an idea, why is bad idea?
Because it's not supported by the spec; please read SRV.12. If you want to do
program
Hi Chuck, call j_security_check from inside another servlet is just an idea,
why is bad idea?
If possible, I don't want a custom , I want to use the authentication
mechanism of the container (JDBCRealm), use something like this:
.
Context context = (Co
> From: Alejandro Soto [mailto:smalejan...@gmail.com]
> Subject: Re: filters on j_security_check
> what i need is to know if the authentication was successful or not
What are you going to do with said information?
> I just need to know that status and has to be before the au
Hi, thanks for reply, well, what i need is to know if the authentication was
successful or not, I want to get the status of that authentication, I just
need to know that status and has to be before the authentication mechanism
continues.
I am trying to invoke j_security_check from inside another
On 13/10/2011 15:09, Alejandro Soto wrote:
> Hi, my name is Alejandro, I am working with Tomcat 7.0.20 and I need to know
> how can I apply filters to j_security_check to verify the status of login
> before continue with my authentication process.
You can't use Filters because the
Hi, my name is Alejandro, I am working with Tomcat 7.0.20 and I need to know
how can I apply filters to j_security_check to verify the status of login
before continue with my authentication process.
I was thinking to use valves, but I read on internet that valves will be
replaced with Filters
2011/8/15 Chen Paz :
>
> Hi,
>
> I am using a servlet to intercept form based authentication in order to
> insert attribute into the request
What parameter do you want to insert into the request ?
I don't know, but maybe you can do the same with a custom realm
Or, using by Spring Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 8/15/2011 9:49 AM, Caldarale, Charles R wrote:
>> From: Chen Paz [mailto:chen@expand.com] Subject:
>> j_security_check and RequestDispatcher forward
>
>> I am using a servlet to intercept form based authentication
Filter is not possible. AFAIK you can not use filter before j_security_check in
Tomcat...
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Monday, August 15, 2011 4:50 PM
To: Tomcat Users List
Subject: RE: j_security_check and RequestDispatcher
> From: Chen Paz [mailto:chen@expand.com]
> Subject: j_security_check and RequestDispatcher forward
> I am using a servlet to intercept form based authentication in order
> to insert attribute into the request and then to redirect the request
> to j_security_check using Re
Hi,
I am using a servlet to intercept form based authentication in order to insert
attribute into the request and then to redirect the request to j_security_check
using RequestDispatcher.
But I'm getting a 404 page with the following error:
type Status report
message /
/23/2010 4:56 AM, Shaun Senecal wrote:
>>>>> I'm using FORM authentication, and everything seems to be working
>>>>> (logins are accepted, etc), except when there was an error the URL
>>>>> changes in the users browser to point to j_security_check.
&
;
> Shaun
>
>
> On Wed, Aug 25, 2010 at 10:17 PM, Christopher Schultz
> wrote:
> Shaun,
>
> On 8/23/2010 4:56 AM, Shaun Senecal wrote:
>>>> I'm using FORM authentication, and everything seems to be working
>>>> (logins are accepted, etc), except
and everything seems to be working
>> (logins are accepted, etc), except when there was an error the URL
>> changes in the users browser to point to j_security_check.
>
> This is expected.
>
>> The
>> contents of the redirect to j_security_check contains login.html, s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shaun,
On 8/23/2010 4:56 AM, Shaun Senecal wrote:
> I'm using FORM authentication, and everything seems to be working
> (logins are accepted, etc), except when there was an error the URL
> changes in the users browser to point to j_
I'm using FORM authentication, and everything seems to be working
(logins are accepted, etc), except when there was an error the URL
changes in the users browser to point to j_security_check. The
contents of the redirect to j_security_check contains login.html, so
the user is able to log
ge.
> When I remove this flash everything seems to work OK.
> Is there a possibility that j_security_check type of authentication
> conflicts with flash swf file? Who knows...
>
> I know about the problem with re-authentication and I solved it in a way
> that whenever a user goes
Hello,
Indeed that was it!
I moved the flash into another folder that is not protected, and now it
works.
Thanks you!
Bye
vpapado wrote:
>
> Hello,
>
> I have a problem authenticating my users with j_security_check
> interworking with a flash on my login.jsp page.
>
&g
On 21/12/2009 21:50, vpapado wrote:
Hello,
I have a problem authenticating my users with j_security_check interworking
with a flash on my login.jsp page.
Here is how things go:
I use j_security_check method to authenticate my users.
As a result, I have assigned a login.jsp page where I have
Hello,
Thank you for fast reply.
I try everything. Open in different browser, etc.
But the whole login procedure seems to result to error from Tomcat when I
have my flash on the login.jsp page.
When I remove this flash everything seems to work OK.
Is there a possibility that j_security_check
Try resetting your browser, meaning fully close it, or try from a
different browser. Same result? I sometimes get the exact same
"(/./j_security_check) is not available." when i have had my
browser open on the doc for while and re-authenticate. Same thing
happens on my cisco call ma
Hello,
I have a problem authenticating my users with j_security_check interworking
with a flash on my login.jsp page.
Here is how things go:
I use j_security_check method to authenticate my users.
As a result, I have assigned a login.jsp page where I have a login form and
at the top of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peibel,
On 12/15/2009 8:03 AM, peibel80 wrote:
>>> I have a web application (java,jsp) with j_security_check but the user
>>> that
>>> i use to authenticate need change por other in the Simpleprincipal for
>>> j_se
Pid Ster wrote:
>
> On 15/12/2009 10:03, peibel80 wrote:
>>
>>
>> Hi,
>>
>> I have a problem.
>>
>> I have a web aplication (java,jsp) with j_security_check but the user
>> that
>> i use to authenticate need change por other in the
On 15/12/2009 10:03, peibel80 wrote:
Hi,
I have a problem.
I have a web aplication (java,jsp) with j_security_check but the user that
i use to authenticate need change por other in the Simpleprincipal for
j_security_check store in the session as the primary user.
Is posible?
I don&#
Hi,
I have a problem.
I have a web aplication (java,jsp) with j_security_check but the user that
i use to authenticate need change por other in the Simpleprincipal for
j_security_check store in the session as the primary user.
Is posible?
thanks,
Sorry for my inglish.
--
View this message
Thanks a lot to all your guys!!
-Rex
2009/9/24 Christopher Schultz
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Rex,
>
> On 9/24/2009 3:15 AM, Rex Wang wrote:
> > What is a"note"? I am quite understanding its definition..
>
> Just to clarify Chuck's comments: a "note" has nothing to d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rex,
On 9/24/2009 3:15 AM, Rex Wang wrote:
> What is a"note"? I am quite understanding its definition..
Just to clarify Chuck's comments: a "note" has nothing to do with the
Servlet API. It's an implementation detail specific to Tomcat where,
among
> From: Rex Wang [mailto:rwo...@gmail.com]
> Subject: Re: what does j_security_check do in clustering?
>
> What is a"note"? I am quite understanding its definition..
Look at the code. The notes field in a StandardSession is just a Hashtable
containing an arbitrary set of
What is a"note"? I am quite understanding its definition..
thanks
2009/9/23 Filip Hanik - Dev Lists
> j_security_check is stored as a note with the user session, but that data
> is not being replicated.
>
> Filip
>
>
>
> On 09/17/2009 12:05 AM, Rex Wang wrote
On 09/23/2009 11:40 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
On 9/23/2009 10:12 AM, Filip Hanik - Dev Lists wrote:
j_security_check is stored as a note with the user session, but that
data is not being replicated.
So, the session notes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Filip,
On 9/23/2009 10:12 AM, Filip Hanik - Dev Lists wrote:
> j_security_check is stored as a note with the user session, but that
> data is not being replicated.
So, the session notes specifically are not replicated?
That seems to indicat
j_security_check is stored as a note with the user session, but that
data is not being replicated.
Filip
On 09/17/2009 12:05 AM, Rex Wang wrote:
Dear Tomcat,
I meet a problem when config a web project which using the form based
security in clustering.
When I set session affinity = true in
thentication or there is a bug
somewhere.
Technically, I believe that Tomcat requires a session in order to store
your original request so it can be re-played after successful
authentication. In that case, I would have expected the session to be
replicated across the cluster before the request fo
> >> Clustering or load-balancing? Whether or not session replication is
> >> configured between your Tomcat instance's is key.
> >>
> >
> > I guess the j_security_check is not implemented by session. so the
> session
> > replication does not wo
ssion replication is
>> configured between your Tomcat instance's is key.
>>
>
> I guess the j_security_check is not implemented by session. so the session
> replication does not work for security check, right?
I thought it did - hence my question about whether you were using
cl
your Tomcat instance's is key.
>
I guess the j_security_check is not implemented by session. so the session
replication does not work for security check, right?
and I see the following in tomcat document:
To run session replication in your Tomcat 6.0 container, the following steps
should be
Rex Wang wrote:
> Dear Tomcat,
>
> I meet a problem when config a web project which using the form based
> security in clustering.
Clustering or load-balancing? Whether or not session replication is
configured between your Tomcat instance's is key.
> When I set session affinity = true in my fron
Dear Tomcat,
I meet a problem when config a web project which using the form based
security in clustering.
When I set session affinity = true in my front http server, the security
check was done in single node, there is no problem with that.
But if I set affinity = false, the requests from the se
ek I think.)
As yet everything is done by means of the j_security_check. But now two
problems arise. The credentials are needed in serveral servlets, as the web
app will be a mail application. According to the servlet specs (12.3
Programmatic Security) programmatic security constists of
- get
You should check to see if you are able to get the parameters when the
request(s) is send via a "get" vs. a "post".
--- On Wed, 5/6/09, Sanjay Manchiganti wrote:
From: Sanjay Manchiganti
Subject: Re: j_security_check/j_username/j_password issue in Tomcat Version
6.0.
request but when I do a
request.getParameter("j_username") or request.getParameter("j_password") in a
jsp I'm getting a null value back.
Thanks,
Sanjay.
From: "Caldarale, Charles R"
To: Tomcat Users List
Sent: Tuesda
> From: Sanjay Manchiganti [mailto:ms4san...@yahoo.com]
> Subject: j_security_check/j_username/j_password issue in Tomcat Version
> 6.0.18
>
> Did anything change in terms of j_securitycheck / container managed
> security between these two versions of tomcat?
What "two v
will get to the values in the request. Of course enabling this valve won't
cut if for production.
--- On Tue, 5/5/09, Sanjay Manchiganti wrote:
From: Sanjay Manchiganti
Subject: j_security_check/j_username/j_password issue in Tomcat Version 6.0.18
To: users@tomcat.apache.org
Date: Tuesday,
Hello All,
I've deployed two apps(say A and B) into two instances of Tomcat running on
port 8080 and 8081. They both have been enabled for form based
authentication.
Step 1: When a user tries to access the application A he is shown a
userid/password page(Alogin.jsp) with all the j_xxx detai
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 3/13/2009 1:58 PM, Gregor Schneider wrote:
> So will I then be able to access the HttpSession-object created when
> inside HTTPS (login-page) when I'm querying it from within a JSP
> served via plain HTTP?
No, the session will be created i
Chris,
On Fri, Mar 13, 2009 at 5:14 PM, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Gregor,
>
> On 3/13/2009 11:42 AM, Gregor Schneider wrote:
>> So would following scenario work?
>>
>> - login using form-based login via https
>>
>> - when successful:
>> Ht
Hi André,
first: Please forgive me my late answer also to your PM, however, I
was really busy here so that I didn't find any time to answer in an
appropriate (aka detailed) manner.
So here we go:
Customers
When talking about customers, I'm actually talking about our staff
from t
Here's what you want to do:
- - Write a filter that intercepts all HTTPS traffic and redirects it to
HTTP. This will make sure that anyone attempting to use HTTPS for the
fun of it will end up seeing a non-secure page. This will not affect
calls to j_security_check.
- - Modify you
Chris,
On Fri, Mar 13, 2009 at 3:26 PM, Christopher Schultz
wrote:
>
> Just to be clear, it's the session creation that is sensitive to SSL,
> not the actual login (authentication step). If your session exists and
> is visible to non-secure communications before authentication, then it
> will als
1 - 100 of 337 matches
Mail list logo
