You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by McEs <mc...@km.ru> on 2001/11/07 08:54:27 UTC
j_security_check
Hi.
I've installed Tomcat 4.0 and try to use Realm JDBC (Posgres).
I moved the test realm's folders (from Tomcat's examples section) to
/usr/jakarta-tomcat-4.0/webapps/ROOT/test/
and after logon with correct name|pass my browser show me the message:
----------------
HTTP Status 404 - /test/protected/j_security_check
The requested resource (/test/protected/j_security_check) is not available.
----------------
What does it mean? Should I configure something else?
Can smbd help me?
McEs
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
RE: j_security_check
Posted by Wai-Yip Tung <wt...@cisco.com>.
Some more idea,
* Use forward instead of redirect to the login page so user never see the
login page's URL.
* Pollute the login page's URL with time stamp and cryptic URL encoded
stuff. This should discourage user from coming back to the login page.
Wai Yip Tung
-----Original Message-----
From: Wai-Yip Tung [mailto:wtung@cisco.com]
Sent: Thursday, November 08, 2001 12:28 PM
To: Tomcat Users List
Subject: RE: j_security_check
Hi Craig, I understand the technical reason of why we should not directly
access or bookmark the login page. But the world wide web users are trained
a different way. They see a web page and they see a good URL. There is
nothing that hint at them that they cannot come back or bookmark this page.
If they insist to bookmark and return to the login page, couldn't tomcat
just dump them to the welcome file after authentication. This behavior seems
quite acceptable to the user and it doesn't seem to violate the servlet
spec.
Wai Yip Tung
-----Original Message-----
From: craigmcc@cisco.com [mailto:craigmcc@cisco.com]On Behalf Of Craig
R. McClanahan
Sent: Wednesday, November 07, 2001 11:14 PM
To: Tomcat Users List
Subject: Re: j_security_check
It is never, ever, ever, ever (!!! :-) valid to reference the login page
directly from your browser.
You should use the URL of some page within the protected area of your
application. For the example shipped with Tomcat, try the following:
http://localhost:8080/examples/jsp/security/protected
which will get redirected to the login page IF AND ONLY IF the user has
not logged in yet -- but it is up to the container (Tomcat) to do that.
If you're confused about how form based login works, please try an
experiment for me -- temporarily switch to BASIC authentication. Note the
fact that (from the user perspective), this is what occurs:
* User requests a protected page
* Container detects that the user has not authenticated
yet, so challenges them for credentials
* Browser displays the pop-up dialog box
* User fills in the username and password
* Container validates the username/password. and
displays the protected page that was originally asked for.
Note that the user ***never*** asked for the URL of the login page
(because, when you use BASIC, there is no such thing). That is
***exactly*** the interaction experience that form based login is designed
to emulate.
PLEASE, train your users to just ask for the page they want. If it's
protected, Tomcat will remember the page they originally asked for while
displaying the login page, and automatically return to it if the
authentication is successful. Any attempt to reference the login page
directly (by typing its URL into your browser, or by linking to it from
some other page) is doomed to cause frustration and non-portable behavior
(i.e. whatever you figure out that works for servlet container X won't
work for servlet container Y).
Craig
On Thu, 8 Nov 2001, McEs wrote:
> Date: Thu, 08 Nov 2001 12:27:35 +0900
> From: McEs <mc...@km.ru>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Re: j_security_check
>
> Really GREATE 10X for the help to all!!!
> Unfortunately it doesn't work...
> Ok, listen:
> In the examples
>
(/usr/jakarta-tomcat-4.0/webapps/examples/jsp/security/protected/login.jsp)
> file login.jsp is INSIDE /protected directory!? Ok. It doesn't matter.
>
> 1. I move login.jsp from protected folder (test/protected) to
> /usr/jakarta-tomcat-4.0/webapps/ROOT/test/login.jsp
>
> 2. I edited the web.xml:
> ----------------------------
> <web-app>
>
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/test/protected/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>tester</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/test/login.jsp</form-login-page>
> <form-error-page>/test/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> </web-app>
> -------------------------------
>
> 3. I checked $conf/server.xml:
> ------------------------
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.postgresql.Driver"
>
>
connectionURL="jdbc:postgresql://localhost/gissp_test?user=maxim;password=Ma
xim"
> userTable="users" userNameCol="user_name"
> userCredCol="user_pass"
> userRoleTable="user_role" roleNameCol="user_role" />
> ------------------------
>
> 4. Then, when I tried to login
> http://localhost:8080/test/login.jsp
>
> I could see:
> HTTP Status 404 - /test/null
> The requested resource (/test/null) is not available.
>
> What's this?
>
> The log file:
> logs/localhost_access_log.2001-11-08.txt
>
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "POST /test/j_security_check
> HTTP/1.1" 302 -
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "GET /test/null HTTP/1.1" 404
197
>
>
> McEs
> p.s. Really thanks to ALL for help!
>
>
>
> raj wrote:
>
> >>
> >>
> >> it tells the servlet engine to call _its_ login servlet so that to
> >> identity
> >> the client with the information found in web.xml (security-* elements),
> >> tomcat-users.xml (depends on web.xml) and the information provided by
> >> the
> >> user
> >>
> > See a very good article on this subject at:
> >
> > http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
> >
> > Cheers
> > -raj
> >
> >
> > --
> > To unsubscribe: <ma...@jakarta.apache.org>
> > For additional commands: <ma...@jakarta.apache.org>
> > Troubles with the list: <ma...@jakarta.apache.org>
> >
> >
> > .
> >
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
RE: j_security_check
Posted by Wai-Yip Tung <wt...@cisco.com>.
Hi Craig, I understand the technical reason of why we should not directly
access or bookmark the login page. But the world wide web users are trained
a different way. They see a web page and they see a good URL. There is
nothing that hint at them that they cannot come back or bookmark this page.
If they insist to bookmark and return to the login page, couldn't tomcat
just dump them to the welcome file after authentication. This behavior seems
quite acceptable to the user and it doesn't seem to violate the servlet
spec.
Wai Yip Tung
-----Original Message-----
From: craigmcc@cisco.com [mailto:craigmcc@cisco.com]On Behalf Of Craig
R. McClanahan
Sent: Wednesday, November 07, 2001 11:14 PM
To: Tomcat Users List
Subject: Re: j_security_check
It is never, ever, ever, ever (!!! :-) valid to reference the login page
directly from your browser.
You should use the URL of some page within the protected area of your
application. For the example shipped with Tomcat, try the following:
http://localhost:8080/examples/jsp/security/protected
which will get redirected to the login page IF AND ONLY IF the user has
not logged in yet -- but it is up to the container (Tomcat) to do that.
If you're confused about how form based login works, please try an
experiment for me -- temporarily switch to BASIC authentication. Note the
fact that (from the user perspective), this is what occurs:
* User requests a protected page
* Container detects that the user has not authenticated
yet, so challenges them for credentials
* Browser displays the pop-up dialog box
* User fills in the username and password
* Container validates the username/password. and
displays the protected page that was originally asked for.
Note that the user ***never*** asked for the URL of the login page
(because, when you use BASIC, there is no such thing). That is
***exactly*** the interaction experience that form based login is designed
to emulate.
PLEASE, train your users to just ask for the page they want. If it's
protected, Tomcat will remember the page they originally asked for while
displaying the login page, and automatically return to it if the
authentication is successful. Any attempt to reference the login page
directly (by typing its URL into your browser, or by linking to it from
some other page) is doomed to cause frustration and non-portable behavior
(i.e. whatever you figure out that works for servlet container X won't
work for servlet container Y).
Craig
On Thu, 8 Nov 2001, McEs wrote:
> Date: Thu, 08 Nov 2001 12:27:35 +0900
> From: McEs <mc...@km.ru>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Re: j_security_check
>
> Really GREATE 10X for the help to all!!!
> Unfortunately it doesn't work...
> Ok, listen:
> In the examples
>
(/usr/jakarta-tomcat-4.0/webapps/examples/jsp/security/protected/login.jsp)
> file login.jsp is INSIDE /protected directory!? Ok. It doesn't matter.
>
> 1. I move login.jsp from protected folder (test/protected) to
> /usr/jakarta-tomcat-4.0/webapps/ROOT/test/login.jsp
>
> 2. I edited the web.xml:
> ----------------------------
> <web-app>
>
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/test/protected/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>tester</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/test/login.jsp</form-login-page>
> <form-error-page>/test/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> </web-app>
> -------------------------------
>
> 3. I checked $conf/server.xml:
> ------------------------
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.postgresql.Driver"
>
>
connectionURL="jdbc:postgresql://localhost/gissp_test?user=maxim;password=Ma
xim"
> userTable="users" userNameCol="user_name"
> userCredCol="user_pass"
> userRoleTable="user_role" roleNameCol="user_role" />
> ------------------------
>
> 4. Then, when I tried to login
> http://localhost:8080/test/login.jsp
>
> I could see:
> HTTP Status 404 - /test/null
> The requested resource (/test/null) is not available.
>
> What's this?
>
> The log file:
> logs/localhost_access_log.2001-11-08.txt
>
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "POST /test/j_security_check
> HTTP/1.1" 302 -
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "GET /test/null HTTP/1.1" 404
197
>
>
> McEs
> p.s. Really thanks to ALL for help!
>
>
>
> raj wrote:
>
> >>
> >>
> >> it tells the servlet engine to call _its_ login servlet so that to
> >> identity
> >> the client with the information found in web.xml (security-* elements),
> >> tomcat-users.xml (depends on web.xml) and the information provided by
> >> the
> >> user
> >>
> > See a very good article on this subject at:
> >
> > http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
> >
> > Cheers
> > -raj
> >
> >
> > --
> > To unsubscribe: <ma...@jakarta.apache.org>
> > For additional commands: <ma...@jakarta.apache.org>
> > Troubles with the list: <ma...@jakarta.apache.org>
> >
> >
> > .
> >
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by "Craig R. McClanahan" <cr...@apache.org>.
It is never, ever, ever, ever (!!! :-) valid to reference the login page
directly from your browser.
You should use the URL of some page within the protected area of your
application. For the example shipped with Tomcat, try the following:
http://localhost:8080/examples/jsp/security/protected
which will get redirected to the login page IF AND ONLY IF the user has
not logged in yet -- but it is up to the container (Tomcat) to do that.
If you're confused about how form based login works, please try an
experiment for me -- temporarily switch to BASIC authentication. Note the
fact that (from the user perspective), this is what occurs:
* User requests a protected page
* Container detects that the user has not authenticated
yet, so challenges them for credentials
* Browser displays the pop-up dialog box
* User fills in the username and password
* Container validates the username/password. and
displays the protected page that was originally asked for.
Note that the user ***never*** asked for the URL of the login page
(because, when you use BASIC, there is no such thing). That is
***exactly*** the interaction experience that form based login is designed
to emulate.
PLEASE, train your users to just ask for the page they want. If it's
protected, Tomcat will remember the page they originally asked for while
displaying the login page, and automatically return to it if the
authentication is successful. Any attempt to reference the login page
directly (by typing its URL into your browser, or by linking to it from
some other page) is doomed to cause frustration and non-portable behavior
(i.e. whatever you figure out that works for servlet container X won't
work for servlet container Y).
Craig
On Thu, 8 Nov 2001, McEs wrote:
> Date: Thu, 08 Nov 2001 12:27:35 +0900
> From: McEs <mc...@km.ru>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Re: j_security_check
>
> Really GREATE 10X for the help to all!!!
> Unfortunately it doesn't work...
> Ok, listen:
> In the examples
> (/usr/jakarta-tomcat-4.0/webapps/examples/jsp/security/protected/login.jsp)
> file login.jsp is INSIDE /protected directory!? Ok. It doesn't matter.
>
> 1. I move login.jsp from protected folder (test/protected) to
> /usr/jakarta-tomcat-4.0/webapps/ROOT/test/login.jsp
>
> 2. I edited the web.xml:
> ----------------------------
> <web-app>
>
> <security-constraint>
> <display-name>Example Security Constraint</display-name>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/test/protected/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>tester</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> <!-- Default login configuration uses form-based authentication -->
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/test/login.jsp</form-login-page>
> <form-error-page>/test/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> </web-app>
> -------------------------------
>
> 3. I checked $conf/server.xml:
> ------------------------
>
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="org.postgresql.Driver"
>
> connectionURL="jdbc:postgresql://localhost/gissp_test?user=maxim;password=Maxim"
> userTable="users" userNameCol="user_name"
> userCredCol="user_pass"
> userRoleTable="user_role" roleNameCol="user_role" />
> ------------------------
>
> 4. Then, when I tried to login
> http://localhost:8080/test/login.jsp
>
> I could see:
> HTTP Status 404 - /test/null
> The requested resource (/test/null) is not available.
>
> What's this?
>
> The log file:
> logs/localhost_access_log.2001-11-08.txt
>
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "POST /test/j_security_check
> HTTP/1.1" 302 -
> 127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "GET /test/null HTTP/1.1" 404 197
>
>
> McEs
> p.s. Really thanks to ALL for help!
>
>
>
> raj wrote:
>
> >>
> >>
> >> it tells the servlet engine to call _its_ login servlet so that to
> >> identity
> >> the client with the information found in web.xml (security-* elements),
> >> tomcat-users.xml (depends on web.xml) and the information provided by
> >> the
> >> user
> >>
> > See a very good article on this subject at:
> >
> > http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
> >
> > Cheers
> > -raj
> >
> >
> > --
> > To unsubscribe: <ma...@jakarta.apache.org>
> > For additional commands: <ma...@jakarta.apache.org>
> > Troubles with the list: <ma...@jakarta.apache.org>
> >
> >
> > .
> >
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by McEs <mc...@km.ru>.
Really GREATE 10X for the help to all!!!
Unfortunately it doesn't work...
Ok, listen:
In the examples
(/usr/jakarta-tomcat-4.0/webapps/examples/jsp/security/protected/login.jsp)
file login.jsp is INSIDE /protected directory!? Ok. It doesn't matter.
1. I move login.jsp from protected folder (test/protected) to
/usr/jakarta-tomcat-4.0/webapps/ROOT/test/login.jsp
2. I edited the web.xml:
----------------------------
<web-app>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/test/protected/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tester</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/test/login.jsp</form-login-page>
<form-error-page>/test/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
-------------------------------
3. I checked $conf/server.xml:
------------------------
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost/gissp_test?user=maxim;password=Maxim"
userTable="users" userNameCol="user_name"
userCredCol="user_pass"
userRoleTable="user_role" roleNameCol="user_role" />
------------------------
4. Then, when I tried to login
http://localhost:8080/test/login.jsp
I could see:
HTTP Status 404 - /test/null
The requested resource (/test/null) is not available.
What's this?
The log file:
logs/localhost_access_log.2001-11-08.txt
127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "POST /test/j_security_check
HTTP/1.1" 302 -
127.0.0.1 - - [08/Nov/2001:12:23:50 9000] "GET /test/null HTTP/1.1" 404 197
McEs
p.s. Really thanks to ALL for help!
raj wrote:
>>
>>
>> it tells the servlet engine to call _its_ login servlet so that to
>> identity
>> the client with the information found in web.xml (security-* elements),
>> tomcat-users.xml (depends on web.xml) and the information provided by
>> the
>> user
>>
> See a very good article on this subject at:
>
> http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
>
> Cheers
> -raj
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
> .
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by raj <ra...@clarologic.com>.
>
>
>it tells the servlet engine to call _its_ login servlet so that to identity
>the client with the information found in web.xml (security-* elements),
>tomcat-users.xml (depends on web.xml) and the information provided by the
>user
>
See a very good article on this subject at:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
Cheers
-raj
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by David Rault <da...@free.fr>.
> What's this the "j_security_check" ????
>
it's part of the J2EE spec
it tells the servlet engine to call _its_ login servlet so that to identity
the client with the information found in web.xml (security-* elements),
tomcat-users.xml (depends on web.xml) and the information provided by the
user
form-based authentification is always the same :
a form which should look like this a lot
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
</form>
see the servlet 2.3 spec for more details
David
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by McEs <mc...@km.ru>.
Thank you for reply.
It was by default:
/usr/jakarta-tomcat-4.0/webapps/examples/jsp/security/protected/login.jsp
then I moved (entire folder protected) to:
/usr/jakarta-tomcat-4.0/webapps/ROOT/test/protected/login.jsp
What's this the "j_security_check" ????
Mark Muffett wrote:
>Were you trying to access a protected page or the login page? - I've seen
>strange messages when (by mistake) I've pointed the browser at
>/login/login.jsp.
>
>Having said that, it seems strange that Tomcat is looking for
>j_security_check in protected. Where is your login page and how have you
>code the action on it?
>
>Mark
>
>----- Original Message -----
>From: "McEs" <mc...@km.ru>
>To: "Tomcat Users List" <to...@jakarta.apache.org>
>Sent: Wednesday, November 07, 2001 7:54 AM
>Subject: j_security_check
>
>
>>Hi.
>>I've installed Tomcat 4.0 and try to use Realm JDBC (Posgres).
>>I moved the test realm's folders (from Tomcat's examples section) to
>>/usr/jakarta-tomcat-4.0/webapps/ROOT/test/
>>and after logon with correct name|pass my browser show me the message:
>>----------------
>>
>>
>> HTTP Status 404 - /test/protected/j_security_check
>>
>>The requested resource (/test/protected/j_security_check) is not
>>
>available.
>
>>----------------
>>What does it mean? Should I configure something else?
>>Can smbd help me?
>>
>>McEs
>>
>>
>>--
>>To unsubscribe: <ma...@jakarta.apache.org>
>>For additional commands: <ma...@jakarta.apache.org>
>>Troubles with the list: <ma...@jakarta.apache.org>
>>
>
>
>--
>To unsubscribe: <ma...@jakarta.apache.org>
>For additional commands: <ma...@jakarta.apache.org>
>Troubles with the list: <ma...@jakarta.apache.org>
>
>
>.
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: j_security_check
Posted by Mark Muffett <ma...@its-axiom.com>.
Were you trying to access a protected page or the login page? - I've seen
strange messages when (by mistake) I've pointed the browser at
/login/login.jsp.
Having said that, it seems strange that Tomcat is looking for
j_security_check in protected. Where is your login page and how have you
code the action on it?
Mark
----- Original Message -----
From: "McEs" <mc...@km.ru>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, November 07, 2001 7:54 AM
Subject: j_security_check
> Hi.
> I've installed Tomcat 4.0 and try to use Realm JDBC (Posgres).
> I moved the test realm's folders (from Tomcat's examples section) to
> /usr/jakarta-tomcat-4.0/webapps/ROOT/test/
> and after logon with correct name|pass my browser show me the message:
> ----------------
>
>
> HTTP Status 404 - /test/protected/j_security_check
>
> The requested resource (/test/protected/j_security_check) is not
available.
>
> ----------------
> What does it mean? Should I configure something else?
> Can smbd help me?
>
> McEs
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>