I just started trying to use Form AUTH and JDBCRealm a couple days ago, and I am seeing the exact same behavior.

Muhammad Bilal wrote:
Hi,

I am using Form Authentication with Tomcat 4.1.18. Everything seems to be working: when I try to access a protected resource directly, it takes me to login.jsp, and if I enter the correct user/password it logs me in and takes me to the protected resource. But if I go to login.jsp first and enter my user/password, it takes me to something like http://203.32.143.146:8080/test/j_security_check;jsessionid=303C0E68008E1E54F0E2CBAF43553B27

and displays
HTTP Status 400 - Invalid direct reference to form login page
--------------------------------------------------------------------------------


type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
--------------------------------------------------------------------------------


Apache Tomcat/4.1.18

j_security_check is the servlet which uses JDBCRealm. I need to know a bit of detail about how it works, and how it is possible to go to login.jsp first and then be taken to the page we want after success, like the admin section of Tomcat works at http://localhost:8080/admin. Btw, I also noticed that if we give a blank user/password on the admin page and click submit, it leads to a similar kind of error.

I have the following configurations:
In server.xml

<!-- Tomcat test Context -->
<Context path="/test" docBase="test" debug="0" reloadable="true" crossContext="true">
    <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_test_log." suffix=".txt" timestamp="true"/>
    <Environment name="maxExemptions" type="java.lang.Integer" value="15"/>
    <Parameter name="context.param.name" value="context.param.value" override="false"/>

    <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
           driverName="weblogic.jdbc.mssqlserver4.Driver"
           connectionURL="jdbc:weblogic:mssqlserver4:[EMAIL PROTECTED]"
           connectionName="dev" connectionPassword="web"
           userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name" />
</Context>

In web.xml under /test/WEB-INF


<web-app>
    <display-name>Test by Bilal</display-name>
    <description>It is a test context for authentication.</description>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>OnJava Application</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>onjavauser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Example Form-Based Authentication Area</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
</web-app>

In log:

2003-07-10 18:27:52 WebappLoader[/test]: Reloading checks are enabled for this Context
2003-07-10 18:27:53 ContextConfig[/test]: WARNING: Security role name onjavauser used in an <auth-constraint> without being defined in a <security-role>
2003-07-10 18:27:54 ContextConfig[/test]: Configured an authenticator for method FORM
2003-07-10 18:27:54 StandardManager[/test]: Seeding random number generator class java.security.SecureRandom
2003-07-10 18:27:54 StandardManager[/test]: Seeding of random number generator has been completed
2003-07-10 18:27:54 StandardWrapper[/test:default]: Loading container servlet default
2003-07-10 18:27:54 StandardWrapper[/test:invoker]: Loading container servlet invoker
2003-07-10 18:29:42 JDBCRealm[/test]: Username bob successfully authenticated


Any quick response would be really great.

Thanks,

Bilal


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]


--
*******************************************
* Rick Roberts                            *
* Advanced Information Technologies, Inc. *
*******************************************

