CustomLogin.class is a resource at a protected URL which also contains the
login form. So here is how it works (or how I would like it to work). I have
a CustomLogin class:
CustomLogin.class (located in /dev/WEB-INF/classes/)
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CustomLogin extends HttpServlet {

    public CustomLogin() {
        super();
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response) {
        performTask(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        performTask(request, response);
    }

    // Forward every GET and POST to the login JSP.
    public void performTask(HttpServletRequest request, HttpServletResponse response) {
        try {
            String jspPage = "login.jsp";
            RequestDispatcher rd =
                getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
            rd.forward(request, response);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
login.jsp (located in /dev/jsp/security/)
<html>
<head>
  <title>Login Page for Examples</title>
</head>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>
web.xml
<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/servlet/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Example Form-Based Authentication Area</realm-name>
  <form-login-config>
    <form-login-page>/servlet/CustomLogin</form-login-page>
    <form-error-page>/jsp/security/error.jsp</form-error-page>
  </form-login-config>
</login-config>
The user will type in the URL:
http://localhost:8080/dev/servlet/CustomLogin. The login form does appear.
But once I enter the login information (username and password) the "Invalid
direct reference to form login page" error appears. What I want is to have the
user type in http://localhost:8080/dev/servlet/CustomLogin and log in. If
they are successful, it should then direct them to the CustomLogin
servlet so I can get the user information and customize the page according
to who is logged in. I hope this makes sense. I just can't seem to get it to
work or figure out how to make it work.
Thanks,
Kevin
Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]
-----Original Message-----
From: John Gregg [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 02:25 PM
To: 'Tomcat Users List'
Subject: RE: j_security_check question
Is CustomLogin a resource at a protected URL, or is it a servlet that itself
spits out a login page? You can't access j_security_check directly.
Instead, you need to access a protected URL, the container sees that you're
not logged in and redirects you to the login form, you submit the login
form, and finally the container sends you to the original resource you
requested.
john
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED].org] On Behalf Of Kevin Andryc
Sent: Tuesday, July 02, 2002 12:09 PM
To: Tomcat Users List
Subject: RE: j_security_check question
When I type in the URL:
http://localhost:8080/dev/servlet/CustomLogin
The form loads with the respective "username" and "password" fields. But
when I submit the form to be authenticated, that is when the error appears.
Sincerely,
Kevin
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
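
An added example, not part of the original thread and not code from either poster: a protected servlet that runs only after the container has completed the form login described in John's reply, and that reads the authenticated user from the request. The class name Welcome, its /servlet/Welcome URL and the use of /jsp/security/login.jsp as the form-login-page are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Hypothetical protected resource under the thread's /servlet/* constraint
 * (assumed URL: /servlet/Welcome). Assumed web.xml change, so that the login
 * form is no longer the URL the user types:
 *   <form-login-page>/jsp/security/login.jsp</form-login-page>
 * Flow: the browser requests /dev/servlet/Welcome, the container saves that
 * request and shows login.jsp, the form posts to j_security_check, and the
 * container then sends the user back to the saved request, so doGet() runs
 * with an authenticated user.
 */
public class Welcome extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Set by the container after j_security_check succeeds; null otherwise.
        String user = request.getRemoteUser();
        if (user == null) {
            // Reached only if the security-constraint does not cover this URL.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<p>Logged in as " + escapeHtml(user) + "</p>");
        // Same role name as the auth-constraint in the thread's web.xml.
        if (request.isUserInRole("user")) {
            out.println("<p>Role: user</p>");
        }
        out.println("</body></html>");
    }

    // Encode the user name before writing it into HTML.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;");
    }
}
```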