Posted to users@tomcat.apache.org by Michael Teter <mt...@gmail.com> on 2008/04/15 13:30:23 UTC
that old problem - Invalid direct reference to form login page
Howdy.
I've just spent two hours Googling, Yahooing, and searching the Tomcat list
for a fix for this problem:
PROBLEM (with steps leading to)
I attempt to access a private page (myview.jsp)
Tomcat 5.5 properly sends me to login.jsp
I enter my username/password, submit, and my JNDIRealm LDAP lookup is made
I get the error page:
HTTP Status 400 - Invalid direct reference to form login page
This is a pretty simple case. Everything I've seen on forums related to
this problem focuses on the idea that the user has directly requested the
login page. I absolutely haven't done that.
I've tried adding some stuff to the top of the login.jsp (as per a
suggestion on one of the Sun forums) to send the request elsewhere if the
session exists. I've explored a lot of things, but it still makes no sense
to me.
My best guess is that there's something wrong with my Realm definition in
server.xml, or in my security stuff in web.xml. So for reference, here are
the interesting bits of each:
----- server.xml ----
<Context path="/ui2"
         docBase="C:\work\ui2"
         privileged="true"
         reloadable="true"
         cookies="true"
         debug="true">
  <Realm className = "org.apache.catalina.realm.JNDIRealm"
         debug = "99"
         connectionURL = "ldap://192.168.223.129:3268"
         connectionName = "vm2003\ldapqueryuser"
         connectionPassword = "supersecret"
         referrals = "follow"
         userBase = "dc=vm2003,dc=local"
         userSearch = "(sAMAccountName={0})"
         userSubtree = "true"
         digest = "MD5"
         roleBase = "dc=vm2003,dc=local"
         roleName = "cn"
         roleSubtree = "true"
         roleSearch = "(member={0})"
  /> <!-- end of realm -->
  ...
</Context> <!-- end of context -->
----- web.xml ----
...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ui2users</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-failure.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>ui2users</role-name>
</security-role>
...
__________________
I've spent time in books on safari.oreilly, reading countless tutorials and
docs online, and I'm at a dead end.
I surely hope someone sees where I've made a mistake.
Thanks,
Michael
Re: that old problem - Invalid direct reference to form login page
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Michael,
Michael Teter wrote:
| <form method="POST" action="j_security_check">
You should always do:
<form method="POST" action="<%=
response.encodeURL(request.getContextPath() + "/j_security_check") %>">
You should always include the context path in URLs.
You should always run your URLs through response.encodeURL so that the
session id is encoded in the URL if the user isn't using cookies.
Otherwise, logins never work when cookies are not being used.
-chris
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
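Why the session id matters for the j_security_check POST, as an added example (a simplified model written for this archive page, not Tomcat's code and not from any poster): the container records the protected request in the session before showing the login page, and a credential POST that arrives in a session with no such record gets the 400 quoted in the first message. `ToyContainer`, `login_flow` and the sample account are hypothetical names and constructed data.

```python
import hmac
import secrets

LOGIN_PAGE = "/ui2/login.jsp"
CHECK_URI = "/ui2/j_security_check"
USERS = {"alice": "constructed-password"}  # constructed sample account


class ToyContainer:
    """Simplified stand-in for a container doing FORM authentication."""

    def __init__(self):
        self.sessions = {}  # session id -> session attributes

    def handle(self, method, uri, sid=None, form=None):
        """Return (status, page or redirect target, session id)."""
        # sid models JSESSIONID, sent as a cookie or in an encodeURL-rewritten URL.
        if sid not in self.sessions:  # unknown or missing id: new session
            sid = secrets.token_hex(8)
            self.sessions[sid] = {}
        session = self.sessions[sid]
        if method == "POST" and uri == CHECK_URI:
            form = form or {}
            user = form.get("j_username", "")
            password = form.get("j_password", "")
            if user not in USERS or not hmac.compare_digest(USERS[user], password):
                return 200, "/login-failure.jsp", sid
            target = session.pop("saved_request", None)
            if target is None:  # nothing to go back to in this session
                return 400, "Invalid direct reference to form login page", sid
            session["principal"] = user
            return 302, target, sid
        if uri == LOGIN_PAGE:  # requested directly: no original request saved
            return 200, LOGIN_PAGE, sid
        if "principal" not in session:
            session["saved_request"] = uri  # remember the protected target
            return 200, LOGIN_PAGE, sid
        return 200, uri, sid


def login_flow(first_uri, resend_session_id):
    """Request first_uri, then post valid credentials; return (status, detail)."""
    container = ToyContainer()
    _, _, sid = container.handle("GET", first_uri)
    creds = {"j_username": "alice", "j_password": "constructed-password"}
    status, detail, _ = container.handle(
        "POST", CHECK_URI, sid if resend_session_id else None, creds)
    return status, detail
```

`login_flow("/ui2/myview.jsp", True)` ends in a redirect to the saved page; dropping the session id on the POST, or starting from the login page itself, ends in the 400.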
Re: that old problem - Invalid direct reference to form login page
Posted by Michael Teter <mt...@gmail.com>.
Here's the login.jsp
<html>
  <head>
    <title>Realm Login</title>
  </head>
  <body>
    <h2>JNDIRealm (LDAP) Login</h2>
    <p>Current User: <%= request.getUserPrincipal() %></p>
    <form method="POST" action="j_security_check">
      <input type="text" name="j_username"> <br>
      <input type="password" name="j_password"><br>
      <input type="submit">
    </form>
  </body>
</html>
On Tue, Apr 15, 2008 at 7:40 AM, Caldarale, Charles R <Chuck.Caldarale@unisys.com> wrote:
> > From: Michael Teter [mailto:mt.devlist@gmail.com]
> > Subject: that old problem - Invalid direct reference to form
> > login page
> >
> > This is a pretty simple case. Everything I've seen on forums
> > related to this problem focus on the idea that the user has
> > directly requested the login page. I absolutely haven't done that.
>
> No, but your login.jsp may well have. Posting that would help.
>
> - Chuck
RE: that old problem - Invalid direct reference to form login page
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Michael Teter [mailto:mt.devlist@gmail.com]
> Subject: that old problem - Invalid direct reference to form
> login page
>
> This is a pretty simple case. Everything I've seen on forums
> related to this problem focus on the idea that the user has
> directly requested the login page. I absolutely haven't done that.
No, but your login.jsp may well have. Posting that would help.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.