Okay, this is my first try at container-based authentication using Realms in
Tomcat. And things have gone wrong. Here is my login page:

<html>
<body>
<h2>Login</h2>
<form method="post" action="j_security_check">
    User ID: <input type="text" name="j_username" />
    <br />
    Password: <input type="password" name="j_password" />
    <br />
    <input type="submit" value="Login">
</form>
</body>
</html>

As you can see, it's as simple as it can get.

Once I click Submit with proper user creds I am supposed to land up in
/protected/success.jsp. (It's in a folder called "protected" which is under
the webapp folder.)

The success page looks like the following:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Hello User</title>
</head>
<body>
<h3>Success</h3>
</body>
</html>

Also as simple as it can get.

My web.xml security configuration is:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>TECHERS</web-resource-name>
            <url-pattern>/teacher/success.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>TEACHER</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/index.jsp</form-login-page>
            <form-error-page>/index.jsp?error=true</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>TEACHER</role-name>
    </security-role>

Point out any errors if you find any.

I have configured the realm in my context.xml as follows:

<Realm className="org.apache.catalina.realm.DataSourceRealm"
   localDataSource="true"
   dataSourceName="jdbc/TestDB"
   userTable="users" userNameCol="user_id" userCredCol="user_pass"
   userRoleTable="user_roles" roleNameCol="role_name">

   <CredentialHandler
      className="org.apache.catalina.realm.SecretKeyCredentialHandler"
      algorithm="PBEWITHHMACSHA384ANDAES_256"
      iterations="111111"
      saltLength="20" />

   </Realm>

Now when I click on submit I get the following error page in Tomcat:


*HTTP Status 400 - Invalid direct reference to form login page*

*message* *Invalid direct reference to form login page*

*description* *The request sent by the client was syntactically incorrect.*


Why is this happening? Any help would be greatly appreciated.

What does the error mean? Please check my web.xml and tell me if I am
wrong.

Regards

Sreyan Chakravarty
