You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Louise Pryor <li...@louisepryor.com> on 2003/09/03 16:24:14 UTC

j_security_check gets a 404 error

Hi

I'm having a problem using form-based authentication. It all works
fine with standalone Tomcat, but goes pear shaped on Apache with
Tomcat. It seems to be the same problem that is described in
http://www.mail-archive.com/struts-user@jakarta.apache.org/msg43091.html
(but I think it's more a Tomcat thing than a struts thing).

Basically, I'm using the securityfilter filter from
http://www.securityfilter.org/. I have a login.jsp that submits a form
to j_security_check in the usual way. The only trouble is that Apache
comes back with an Apache 404 on /path-to-login.jsp/j_security_check.  It is
clearly not passing j_security_check through to Tomcat to handle.

The URL at the top of this message suggests passing all requests
through to Tomcat (at least I think that's what it means - it uses
mod_jk, and I'm using mod_jk2, which I'm not totally expert at
anyway). First, that doesn't seem to work for me, and second, although
I could configure things that way on my local setup it's not a
realistic option for deployment, where I'm on a shared server.

The support guy at my hosting service suggested making the target of
the form /servlet/j_security_check, which at least gets it through to
Tomcat --- which then gives me a 404. Obviously this is right, because
I have no servlet mapping that would pick it up.

So is there a way of defining a servlet mapping (or indeed any other
element in web.xml) that would push things through to the right place?

Alternatively is there any way of doing this programmatically? Could I
send the form into a servlet which could then forward or redirect to
j_security_check directly, without going through Apache? If so, how?

Thanks for any help on this.

-- 
Louise Pryor                         
http://www.louisepryor.com

Re: j_security_check gets a 404 error

Posted by Louise Pryor <li...@louisepryor.com>.
On Thursday, September 4, 2003 at 6:36:38 AM, Bill Barker wrote:

BB> You need to add j_security_check to the URIs that get passed to Tomcat.  I
BB> don't use Jk2 myself, but if your version is recent enough, I believe that
BB> you can even use:
BB>    /*/j_security_check ajp13

Thanks. I have eventually got this sorted out.   My problems were due
to not really understanding how things worked, and not getting my
local setup close enough to the setup on my host.

The final solution:  set the target of the login form to
/servlet/j_security_check.

Apache maps /servlet/* to Tomcat (at least it does now I've changed
the setup, and it always did on my host).

The request is then picked up by the SecurityFilter,  which looks for
j_security_check on the end of the request. Bingo!

This solution has not involved changing the URLs that are passed to
Tomcat, which was one of the aims.  And hasn't involved anything fancy
in the webapp either, which is another plus.


BB> If I'm wrong (and that doesn't work), simply put the full path to
BB> j_security_check.

BB> "Louise Pryor" <li...@louisepryor.com> wrote in message
BB> news:129774157890.20030903152414@louisepryor.com...
>> Hi
>>
>> I'm having a problem using form-based authentication. It all works
>> fine with standalone Tomcat, but goes pear shaped on Apache with
>> Tomcat. It seems to be the same problem that is described in
>> http://www.mail-archive.com/struts-user@jakarta.apache.org/msg43091.html
>> (but I think it's more a Tomcat thing than a struts thing).
>>
>> Basically, I'm using the securityfilter filter from
>> http://www.securityfilter.org/. I have a login.jsp that submits a form
>> to j_security_check in the usual way. The only trouble is that Apache
>> comes back with an Apache 404 on /path-to-login.jsp/j_security_check.  It
BB> is
>> clearly not passing j_security_check through to Tomcat to handle.
>>
>> The URL at the top of this message suggests passing all requests
>> through to Tomcat (at least I think that's what it means - it uses
>> mod_jk, and I'm using mod_jk2, which I'm not totally expert at
>> anyway). First, that doesn't seem to work for me, and second, although
>> I could configure things that way on my local setup it's not a
>> realistic option for deployment, where I'm on a shared server.
>>
>> The support guy at my hosting service suggested making the target of
>> the form /servlet/j_security_check, which at least gets it through to
>> Tomcat --- which then gives me a 404. Obviously this is right, because
>> I have no servlet mapping that would pick it up.
>>
>> So is there a way of defining a servlet mapping (or indeed any other
>> element in web.xml) that would push things through to the right place?
>>
>> Alternatively is there any way of doing this programmatically? Could I
>> send the form into a servlet which could then forward or redirect to
>> j_security_check directly, without going through Apache? If so, how?
>>
>> Thanks for any help on this.
>>
>> -- 
>> Louise Pryor
>> http://www.louisepryor.com




BB> ---------------------------------------------------------------------
BB> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
BB> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




-- 
Louise Pryor
http://www.louisepryor.com

Re: j_security_check gets a 404 error

Posted by Bill Barker <wb...@wilshire.com>.
You need to add j_security_check to the URIs that get passed to Tomcat.  I
don't use Jk2 myself, but if your version is recent enough, I believe that
you can even use:
   /*/j_security_check ajp13

If I'm wrong (and that doesn't work), simply put the full path to
j_security_check.

"Louise Pryor" <li...@louisepryor.com> wrote in message
news:129774157890.20030903152414@louisepryor.com...
> Hi
>
> I'm having a problem using form-based authentication. It all works
> fine with standalone Tomcat, but goes pear shaped on Apache with
> Tomcat. It seems to be the same problem that is described in
> http://www.mail-archive.com/struts-user@jakarta.apache.org/msg43091.html
> (but I think it's more a Tomcat thing than a struts thing).
>
> Basically, I'm using the securityfilter filter from
> http://www.securityfilter.org/. I have a login.jsp that submits a form
> to j_security_check in the usual way. The only trouble is that Apache
> comes back with an Apache 404 on /path-to-login.jsp/j_security_check.  It
is
> clearly not passing j_security_check through to Tomcat to handle.
>
> The URL at the top of this message suggests passing all requests
> through to Tomcat (at least I think that's what it means - it uses
> mod_jk, and I'm using mod_jk2, which I'm not totally expert at
> anyway). First, that doesn't seem to work for me, and second, although
> I could configure things that way on my local setup it's not a
> realistic option for deployment, where I'm on a shared server.
>
> The support guy at my hosting service suggested making the target of
> the form /servlet/j_security_check, which at least gets it through to
> Tomcat --- which then gives me a 404. Obviously this is right, because
> I have no servlet mapping that would pick it up.
>
> So is there a way of defining a servlet mapping (or indeed any other
> element in web.xml) that would push things through to the right place?
>
> Alternatively is there any way of doing this programmatically? Could I
> send the form into a servlet which could then forward or redirect to
> j_security_check directly, without going through Apache? If so, how?
>
> Thanks for any help on this.
>
> -- 
> Louise Pryor
> http://www.louisepryor.com