Okay this is my first try at container based authentication using Realms in Tomcat. And things have gone wrong. Here is my login page -:
<html> <body> <h2>Login</h2> <form method="post" action="j_security_check"> User ID: <input type="text" name="j_username" /> <br /> Password: <input type="password" name="j_password" /> <br /> <input type="submit" value="Login"> </form> </body> </html> As you can see its as simple as it can get. Once I click Submit with proper user creds I am suppose to land up in the /protected/success.jsp. (Its in a folder called "protected" which is under the webapp folder) The success page looks like the following-: <?xml version="1.0" encoding="ISO-8859-1" ?> <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Hello User</title> </head> <body> <h3>Success</h3> </body> </html> Also as simple as it can get. My web.xml security configuration is -: <security-constraint> <web-resource-collection> <web-resource-name>TECHERS</web-resource-name> <url-pattern>/teacher/success.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>TEACHER</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/index.jsp</form-login-page> <form-error-page>/index.jsp?error=true</form-error-page> </form-login-config> </login-config> <security-role> <role-name>TEACHER</role-name> </security-role> Point out any errors if you find any. I have configured the realm in my context.xml as follows-: <Realm className="org.apache.catalina.realm.DataSourceRealm" localDataSource="true" dataSourceName="jdbc/TestDB" userTable="users" userNameCol="user_id" userCredCol="user_pass" userRoleTable="user_roles" roleNameCol="role_name"> <CredentialHandler className = "org.apache.catalina.realm.SecretKeyCredentialHandler" algorithm = "PBEWITHHMACSHA384ANDAES_256" iterations = "111111" saltLength = "20" /> </Realm> Now when I click on submit I get the following error page in Tomcat -: *HTTP Status 400 - Invalid direct reference to form login page* *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect.* Why is this happening ? Any help would be greatly appreciated. What does the error mean ? Please check my web.xml and tell me if I am wrong. Regards Sreyan Chakravarty