Dear all,
I've installed tomcat4.0 and a simple website used for testing
authentication (JNDI Realm). I have the following problem. The
authentication (against LDAP) works fine. I'm redirected to the index.htm
page (simple main page). But when I press the back button and go back to the
login page and try to login again, I get the following error message (this
does NOT happen when I explicitly logout (session.invalidate()) before).
Does anyone know whether this is a config error from my side or a bug in
tomcat? I prefer a declarative authentication above a programmatic
authentication.
Error message:
Apache Tomcat/4.0.3 - HTTP Status 404 - /login/j_security_check
type Status report
message /login/j_security_check
description The requested resource (/login/j_security_check) is not
available.
I'm using the following data :
==> website structure
tomcat4.0
/conf
/server.xml
/webapps
/TestLogin
/WEB-INF
/web.xml
/index.htm
/login
/login.jsp
==> server.xml (Realm setup):
<Context path="/TestLogin" docBase="TestLogin" debug="99"
reloadable="true" useNaming="true">
<Realm
className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://localhost:389";
connectionName="cn=Directory
Manager"
connectionPassword="mypwd"
debug="99"
roleBase="ou=Accounts,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(eeuniquemember={0})"
roleSubtree="false"
userPattern="cn={0},ou=Members,dc=mycompany,dc=com"
userPassword="userPassword"
/>
</Context>
==> web.xml
<web-app>
<welcome-file-list>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>4</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login/login.jsp</form-login-page>
<form-error-page>/login/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>4</role-name>
</security-role>
</web-app>
==> login.jsp page
<html>
<head>
<title>Login</title>
<% if (request.getParameter("mode") != null) { session.invalidate(); } %>
<body bgcolor="white">
<form method="POST" action='j_security_check' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
<tr>
<td align="right"><a
href="http://localhost:8080/TestLogin/login/login.jsp?mode=logout";>Log
Out</a></td>
<td align="left"> </td>
</tr>
</table>
</form>
</body>
</html>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
