Posted to users@tomcat.apache.org by Prashant Saraf <xp...@gmail.com> on 2006/02/03 13:28:11 UTC

Problem in j_security_check

I have a problem in Tomcat & JSP.
When I use j_security_check it gives me the following error:
The request sent by the client was syntactically incorrect (Invalid direct
reference to form login page
Why is this so?
My web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
       http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
   version="2.4">

   <description>
    My first jsp example
   </description>
   <display-name>Work on Jsp</display-name>

   <security-constraint>
       <display-name>TestApp Security Constraint</display-name>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <!-- Define the context-relative URL(s) to be protected -->

           <!-- If you list http methods, only those methods are protected -->
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
           <url-pattern>/saraf/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <!-- Anyone with one of the listed roles may access this area -->
           <role-name>*</role-name>
       </auth-constraint>
   </security-constraint>

   <!-- Default login configuration uses form-based authentication -->
   <login-config>
     <auth-method>FORM</auth-method>
     <realm-name>Form-Based Authentication</realm-name>
     <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/error.jsp</form-error-page>
     </form-login-config>
   </login-config>
   <!-- Security roles referenced by this web application -->
</web-app>


--
Cup of Java + Suger of XML = Secure WebApp

Re: Problem in j_security_check

Posted by David Delbecq <de...@oma.be>.
Once again, the login form can only be accessed on demand by the server. This
means access to your login.jsp will only occur as a result of a JSP
forward internal to the server the first time you enter a secure area.
You can't access either j_security_check or login.jsp directly. The
required data in the server would not be set up and you'll only trigger an
exception.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
Still it does not work.
It again focuses on the login page, and if I give the details again it gives the
following error:

The requested resource (/saraf/protected/j_security_check) is not available

Is this something related to web.xml, or do I have to add something in config/server.xml?

Re: Problem in j_security_check

Posted by David Delbecq <de...@oma.be>.
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >   <-- that's the error
Put this instead:
<form method="POST" action='j_security_check' >




Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
Finally it is done, thanks to all.


Re: Problem in j_security_check

Posted by David Delbecq <de...@oma.be>.
Everything that corresponds to the security-constraint in your web.xml is
'protected' and needs authentication.
When you are authenticated, request.getRemoteUser() is not null
anymore.
Be careful,

<url-pattern>/saraf/*</url-pattern>

in a security constraint means the secure area is
http://<server>/saraf/saraf/*

If your secure area is
http://<server>/saraf/protected/*
then the url pattern is /protected/*



Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
I think the problem should be web.xml, but it still gives the following problem:
1) You are logged in as remote user *null* in session *2AD5AC97008551CE1EDD510E06AE6E1F*

*WHICH SHOULD NOT*
2) How should Tomcat know that protected is protected?

Re: Problem in j_security_check

Posted by David Smith <dn...@cornell.edu>.
Ok.

login.jsp and error.jsp probably shouldn't be located in the protected
folder. They are meant to be seen by the unauthenticated users.

index.html definitely shouldn't link to login.jsp. Link it to
protected/index.jsp instead.

Your web.xml specifies a url pattern of saraf/*. It should be /protected/*
instead.

<form-login-page>/login.jsp</form-login-page> (also in web.xml) should
reflect the webapp-relative location of login.jsp (wherever it ends up).

Take a general review of things to verify all your paths. I just cited a
couple of them above.

-- David
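
The path advice given in this thread, collected into one descriptor. This is an added example, not posted by any participant. It assumes the context path is /saraf, that login.jsp and error.jsp have been moved to the webapp root, and a hypothetical role name "appuser" that would have to exist in the realm.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
       http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
   version="2.4">

   <!--
     Assumed layout under webapps/saraf (context path /saraf):
       index.html             public, links to protected/index.jsp
       login.jsp              public, reached only by container forward
       error.jsp              public
       protected/index.jsp    requires login
   -->

   <security-constraint>
       <display-name>TestApp Security Constraint</display-name>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <!-- url-pattern is relative to the context root, so this covers
                http://<server>/saraf/protected/*.
                The original /saraf/* covered http://<server>/saraf/saraf/*,
                so /saraf/protected/index.jsp was served without a login
                (remote user null in the thread). -->
           <url-pattern>/protected/*</url-pattern>
           <!-- No http-method elements: the constraint then applies to
                every method. Listing DELETE, GET, POST and PUT leaves the
                unlisted methods (HEAD, OPTIONS, TRACE) unconstrained. -->
       </web-resource-collection>
       <auth-constraint>
           <!-- In Servlet 2.4, * stands for the roles declared in this
                descriptor, so at least one security-role is declared
                below. -->
           <role-name>*</role-name>
       </auth-constraint>
   </security-constraint>

   <login-config>
     <auth-method>FORM</auth-method>
     <realm-name>Form-Based Authentication</realm-name>
     <form-login-config>
       <!-- Context-relative paths with a leading slash, located outside
            /protected/* so unauthenticated users can be shown them. -->
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/error.jsp</form-error-page>
     </form-login-config>
   </login-config>

   <!-- appuser is a hypothetical role name used for this example; it must
        match a role assigned to the user in the configured realm. -->
   <security-role>
     <role-name>appuser</role-name>
   </security-role>
</web-app>
```

With this layout, index.html links to protected/index.jsp and never to login.jsp, so the container decides when the login form is shown.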




Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
As I am new, I referred to Tomcat's jsp-example.
The structure of my webapp:

webapps
  |
  saraf
    |
    index.html (which links to login.jsp)
    |
    protected
      |
      login.jsp, error.jsp, index.jsp

My login.jsp:


<html>
<head>
<title>Login Page for Examples</title>
</head>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>
 -----------------
error.jsp
------------------
<html>
<head>
<title>Error Page For Examples</title>
</head>
<body bgcolor="white">
Invalid username and/or password, please try
<a href='<%= response.encodeURL("login.jsp") %>'>again</a>.
</body>
</html>
----------


index.jsp

<%
  if (request.getParameter("logoff") != null) {
    session.invalidate();
    response.sendRedirect("index.jsp");
    return;
  }
%>
<html>
<head>
<title>Protected Page for Examples</title>
</head>
<body bgcolor="white">

You are logged in as remote user <b><%= request.getRemoteUser() %></b>
in session <b><%= session.getId() %></b><br><br>

<br>

If you have configured this app for form-based authentication, you can log
off by clicking
<a href='<%= response.encodeURL("index.jsp?logoff=true") %>'>here</a>.
This should cause you to be returned to the logon page after the redirect
that is performed.

</body>
</html>

Re: Problem in j_security_check

Posted by David Smith <dn...@cornell.edu>.
Can you post your login.jsp and let us know if this webapp is ROOT or not?

--David



Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
I did the same.
Now it gives the following error:
The requested resource (/saraf/protected/j_security_check) is not available.
Do I need to edit server.xml or any other file?


Re: Problem in j_security_check

Posted by David Smith <dn...@cornell.edu>.
A quick overview of how authentication works might be helpful here.  
Here's the sequence of events:

1) User requests a secured resource
2) The server internally redirects the user to login.jsp (note: the 
client NEVER directly requests login.jsp)
3) The user enters his/her credentials and submits
4) The system authenticates the user and returns the originally 
requested resource.

So what you really want to do is link to /seraf/index.jsp (or 
whatever...) and let tomcat handle making sure the user is entitled to 
it or not.

--David



Re: Problem in j_security_check

Posted by Prashant Saraf <xp...@gmail.com>.
I created a link which connects to login.jsp, but it still does not work :(


Re: Problem in j_security_check

Posted by David Delbecq <de...@oma.be>.
This means you tried to access the login form directly. This is not allowed
in the J2EE specifications.
Access to the login form should only be triggered by the server on demand. You
can't force a login.
To access the login page, simply put a link to saraf/index.html (simple example)