Posted to users@tomcat.apache.org by Joe A <jo...@gmail.com> on 2007/05/01 18:07:16 UTC
j_security_check 404 not found
if i redeploy my webapp and try to access a protected page, it will show
the login screen but after clicking login it just reloads the login page
instead of sending me to the protected page. if i reload the login page it
will give me access to the page i wanted. if i fill in user/pass and hit
login a 2nd time it shows:
HTTP Status 404 - /j_security_check
type Status report
message /j_security_check
description The requested resource (/j_security_check) is not available.
Apache Tomcat/5.5.20
Re: j_security_check 404 not found
Posted by Joe A <jo...@gmail.com>.
actually the issue was happening whenever i closed down jboss and restarted
it and tried to access a protected page. i determined the issue was because
there was a cached copy of one of the pages, so i set the headers on all my
jsp's (including the login jsp) to not allow caching and now the error never
happens
-joe
On 5/1/07, David Smith <dn...@cornell.edu> wrote:
>
> I'm suspecting you either link to /j_security_check or manually forward
> there from your pages. Pages in your web project shouldn't ever link to
> it except the login form and even then only in the action attribute of
> the form tag. Tomcat will take control when it sees a client trying to
> access a protected resource without a valid session and return the login
> page. Your code doesn't have to ever do that.
>
> --David
>
> Joe A wrote:
> > if i redeploy my webapp and try to access a protected page, it will show
> > the login
> > screen but after clicking login it just reloads the login page instead
> > of sending me to the protected page. if i reload the login page it will
> > give me access
> > to the page i wanted. if i fill in user/pass and hit login a 2nd time it
> > shows:
> >
> > HTTP Status 404 - /j_security_check
> >
> > type Status report
> >
> > message /j_security_check
> >
> > description The requested resource (/j_security_check) is not available.
> > Apache Tomcat/5.5.20
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: j_security_check 404 not found
Posted by David Smith <dn...@cornell.edu>.
I'm suspecting you either link to /j_security_check or manually forward
there from your pages. Pages in your web project shouldn't ever link to
it except the login form and even then only in the action attribute of
the form tag. Tomcat will take control when it sees a client trying to
access a protected resource without a valid session and return the login
page. Your code doesn't have to ever do that.
--David
Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page. if i reload the login page it will
> give me access
> to the page i wanted. if i fill in user/pass and hit login a 2nd time it
> shows:
>
> HTTP Status 404 - /j_security_check
>
> type Status report
>
> message /j_security_check
>
> description The requested resource (/j_security_check) is not available.
> Apache Tomcat/5.5.20
>
Re: j_security_check 404 not found
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Joe,
Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.
That's weird. Are you sure something else isn't going wrong? (Uhh... you
/do/ have the username and password right, right?)
> if i reload the login page it will
> give me access
> to the page i wanted.
Also kinda weird. Are you using cookies and/or URL rewriting? Don't
forget that the form submission to j_security_check needs to be run
through HttpServletResponse.encodeURL.
> if i fill in user/pass and hit login a 2nd time it
> shows:
>
> HTTP Status 404 - /j_security_check
Yeah, Tomcat isn't set up to allow logins whenever the user wants. It's
strictly REQUEST -> CHALLENGE -> LOGIN -> RESPONSE. If you try to
re-login, Tomcat pretends that j_security_check isn't a valid request.
Kinda stupid IMHO but that's all the servlet spec requires, so that's
all that's implemented.
This "feature" is one of the reasons that I switched to SecurityFilter
(http://securityfilter.sourceforge.net/). This package tolerates
unexpected logins and is quite extensible.
Hope that helps,
-chris
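A login page that combines the three points raised in this thread, as an added example that is not part of any of the original messages: no-cache headers on the login JSP, j_security_check referenced only in the form's action attribute, and that action passed through HttpServletResponse.encodeURL. The file name login.jsp is an assumption; j_security_check, j_username and j_password are the names fixed by the servlet specification for FORM authentication.

```jsp
<%-- login.jsp (assumed name): the page Tomcat returns as the CHALLENGE step.
     It should be reached only by requesting a protected resource, never by
     linking or forwarding to it directly. --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%
    // Keep browsers and proxies from storing this page. A cached copy can be
    // submitted outside the REQUEST -> CHALLENGE -> LOGIN -> RESPONSE sequence,
    // for example after a redeploy or restart, when the container no longer
    // holds a saved request for the session.
    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
    response.setDateHeader("Expires", 0);       // already expired
%>
<html>
<head><title>Login</title></head>
<body>
<%-- The form action is the only place in the application that names
     j_security_check. encodeURL appends ;jsessionid=... when the client is
     not returning the session cookie, so the POST reaches the same session
     that holds the saved request for the protected page. --%>
<form method="post" action="<%= response.encodeURL("j_security_check") %>">
  <p>User: <input type="text" name="j_username"></p>
  <p>Password: <input type="password" name="j_password"></p>
  <p><input type="submit" value="Log in"></p>
</form>
</body>
</html>
```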