You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ashok Venkat <as...@yahoo.com> on 2008/02/03 04:38:29 UTC
j_security_check
Hi,
I have the following code in a scheduler class, which is trying to invoke a servlet
String url = "https://localhost:8444/servlet/TestServlet";
// Get HTTP client instance
HttpClient httpClient = new HttpClient();
// Create HTTP GET method and execute it
GetMethod getMethod = null;
PostMethod postMethod = null;
int int_result = 0;
getMethod = new GetMethod( url );
getMethod.setFollowRedirects(true);
int_result = httpClient.executeMethod( getMethod );
String contents = getMethod.getResponseBodyAsString();
getMethod.releaseConnection();
postMethod = new PostMethod( "https://localhost:8444/j_security_check" );
postMethod.addParameter( "j_username", "test" );
postMethod.addParameter( "j_password", "test" );
int_result = httpClient.executeMethod( postMethod );
contents = postMethod.getResponseBodyAsString();
postMethod.releaseConnection();
postMethod = new PostMethod( url );
postMethod.addParameter( "Password", "foo" );
int_result = httpClient.executeMethod( postMethod );
----------> At this point when the test servlet is called, the parameter password is null.
getParameter always returns null
getMethod returns GET when it should be post
It seems that the POST is behaving like a GET.
This code works just fine on tomcat 5.0. After upgrading to 6.0, i am seeing this bizarre behaviour
Any thoughts?
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
Re: j_security_check
Posted by Pid <p...@pidster.com>.
Ashok Venkat wrote:
> Hi,
> I have the following code in a scheduler class, which is trying to invoke a servlet
>
> String url = "https://localhost:8444/servlet/TestServlet";
>
> // Get HTTP client instance
> HttpClient httpClient = new HttpClient();
> // Create HTTP GET method and execute it
>
> GetMethod getMethod = null;
> PostMethod postMethod = null;
>
> int int_result = 0;
> getMethod = new GetMethod( url );
> getMethod.setFollowRedirects(true);
> int_result = httpClient.executeMethod( getMethod );
> String contents = getMethod.getResponseBodyAsString();
> getMethod.releaseConnection();
>
> postMethod = new PostMethod( "https://localhost:8444/j_security_check" );
> postMethod.addParameter( "j_username", "test" );
> postMethod.addParameter( "j_password", "test" );
> int_result = httpClient.executeMethod( postMethod );
> contents = postMethod.getResponseBodyAsString();
> postMethod.releaseConnection();
>
> postMethod = new PostMethod( url );
> postMethod.addParameter( "Password", "foo" );
> int_result = httpClient.executeMethod( postMethod );
>
> ----------> At this point when the test servlet is called, the parameter password is null.
> getParameter always returns null
> getMethod returns GET when it should be post
> It seems that the POST is behaving like a GET.
Why shouldn't it return null?
My reading (pre-morning coffee, admittedly) of this code would do the
following (in shorthand):
1. GET TestServlet -> 401 AUTH REQD
TestServlet does *not* execute, instead return a login request
2. POST j_security_check -> 200 OK
Login succeeds, forward to originally requested resource
TestServlet *does* execute, with original params(none) & GET method
3. POST TestServlet.(Password=foo)
TestServlet *does* execute, with params(Password=foo) & POST method
So, look further down in your logs, for the 2nd execution of TestServlet.
regards,
Pid
> This code works just fine on tomcat 5.0. After upgrading to 6.0, i am seeing this bizarre behaviour
>
> Any thoughts?
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: j_security_check
Posted by Konstantin Kolinko <kn...@gmail.com>.
You do
1) GET call
> int_result = httpClient.executeMethod( getMethod );
The server caches your request and returns html page that contains the
login form.
2) POST call
> postMethod = new PostMethod( "https://localhost:8444/j_security_check" );
> int_result = httpClient.executeMethod( postMethod );
You imitate posting the login form. If the credentials are OK, tomcat answers
with a redirect to the original requested address (1).
response.sendRedirect(response.encodeRedirectURL(requestURI));
3) When the next request comes, its url is compared against the one
that was requested at the first time. If there is a match, the
_original_ request is restored and processed, but the current one is
ignored.
Thus your second POST is ignored and a cached copy of the first GET is
used instead.
You may want to look in the sources of
org.apache.catalina.authenticator.FormAuthenticator that does the
trick.
It is by design. I do not know what was wrong with 5.0 that your code
was working there.
You should change your code so that all the information be included
with the first call to TestServlet.
And the second call to the TestServlet can be changed to be a simple
GET, with no parameters. Or may be you can throw it away at all, if
you set "postMethod.setFollowRedirects(true);" on your post to
j_security_check.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: j_security_check
Posted by Martin Gainty <mg...@hotmail.com>.
Tough to say without seeing the source..
Can we see the code for GetMethod.java ?
Can we see the code for PostMethod.javaMartin ______________________________________________Disclaimer and confidentiality noteEverything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission.> Date: Sat, 2 Feb 2008 19:38:29 -0800> From: ashok_av@yahoo.com> Subject: j_security_check> To: users@tomcat.apache.org> > Hi,> I have the following code in a scheduler class, which is trying to invoke a servlet> > String url = "https://localhost:8444/servlet/TestServlet";> > // Get HTTP client instance> HttpClient httpClient = new HttpClient();> // Create HTTP GET method and execute it> > GetMethod getMethod = null;> PostMethod postMethod = null;> > int int_result = 0;> getMethod = new GetMethod( url );> getMethod.setFollowRedirects(true);> int_result = httpClient.executeMethod( getMethod );> String contents = getMethod.getResponseBodyAsString();> getMethod.releaseConnection();> > postMethod = new PostMethod( "https://localhost:8444/j_security_check" );> postMethod.addParameter( "j_username", "test" );> postMethod.addParameter( "j_password", "test" );> int_result = httpClient.executeMethod( postMethod );> contents = postMethod.getResponseBodyAsString();> postMethod.releaseConnection();> > postMethod = new PostMethod( url );> postMethod.addParameter( "Password", "foo" );> int_result = httpClient.executeMethod( postMethod );> > ----------> At this point when the test servlet is called, the parameter password is null. > getParameter always returns null> getMethod returns GET when it should be post > It seems that the POST is behaving like a GET. > > This code works just fine on tomcat 5.0. After upgrading to 6.0, i am seeing this bizarre behaviour> > Any thoughts?> > > ____________________________________________________________________________________> Never miss a thing. Make Yahoo your home page. > http://www.yahoo.com/r/hs
_________________________________________________________________
Shed those extra pounds with MSN and The Biggest Loser!
http://biggestloser.msn.com/