j_security_check 404 not found

[Joe A <jo...@gmail.com>]

 if i redeploy my webapp and try to access a protected page, it will show
the login
screen but after clicking login it just reloads the login page instead
of sending me to the protected page.  if i reload the login page it will
give me access
to the page i wanted.  if i fill in user/pass and hit login a 2nd time it
shows:

HTTP Status 404 - /j_security_check

type Status report

message /j_security_check

description The requested resource (/j_security_check) is not available.
Apache Tomcat/5.5.20

Re: j_security_check 404 not found

[Joe A <jo...@gmail.com>]

actually the issue was happening whenever i closed down jboss and restarted
it and tried to access a protected page.  i determined the issue was because
there was a cached copy of one of the pages, so i set the headers on all my
jsp's (including the login jsp) to not allow caching and now the error never
happens
-joe

On 5/1/07, David Smith <dn...@cornell.edu> wrote:
>
> I'm suspecting you either link to /j_security_check or manually forward
> there from your pages.  Pages in your web project shouldn't ever link to
> it except the login form and even then only in the action attribute of
> the form tag.  Tomcat will take control when it sees a client trying to
> access a protected resource without a valid session and return the login
> page.  Your code doesn't have to ever do that.
>
> --David
>
> Joe A wrote:
> > if i redeploy my webapp and try to access a protected page, it will show
> > the login
> > screen but after clicking login it just reloads the login page instead
> > of sending me to the protected page.  if i reload the login page it will
> > give me access
> > to the page i wanted.  if i fill in user/pass and hit login a 2nd time
> it
> > shows:
> >
> > HTTP Status 404 - /j_security_check
> >
> > type Status report
> >
> > message /j_security_check
> >
> > description The requested resource (/j_security_check) is not available.
> > Apache Tomcat/5.5.20
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: j_security_check 404 not found

[David Smith <dn...@cornell.edu>]

I'm suspecting you either link to /j_security_check or manually forward 
there from your pages.  Pages in your web project shouldn't ever link to 
it except the login form and even then only in the action attribute of 
the form tag.  Tomcat will take control when it sees a client trying to 
access a protected resource without a valid session and return the login 
page.  Your code doesn't have to ever do that.

--David

Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.  if i reload the login page it will
> give me access
> to the page i wanted.  if i fill in user/pass and hit login a 2nd time it
> shows:
>
> HTTP Status 404 - /j_security_check
>
> type Status report
>
> message /j_security_check
>
> description The requested resource (/j_security_check) is not available.
> Apache Tomcat/5.5.20
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: j_security_check 404 not found

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joe,

Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.

That's weird. Are you sure something else isn't going wrong? (Uhh... you
/do/ have the username and password right, right?)

> if i reload the login page it will
> give me access
> to the page i wanted.

Also kinda weird. Are you using cookies and/or URL rewriting? Don't
forget that the form submission to j_security_check needs to be run
through HttpServletResponse.encodeURL.

> if i fill in user/pass and hit login a 2nd time it
> shows:
> 
> HTTP Status 404 - /j_security_check

Yeah, Tomcat isn't set up to allow logins whenever the user wants. It's
strictly REQUEST -> CHALLENGE -> LOGIN -> RESPONSE. If you try to
re-login, Tomcat pretends that j_security_check isn't a valid request.
Kinda stupid IMHO but that's all the servlet spec requires, so that's
all that implemented.

This "feature" is one of the reasons that I switched to SecuriryFilter
(http://securiryfilter.sourceforge.net/). This package tolerates
unexpected logins and is quite extensible.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGN3hr9CaO5/Lv0PARAlTKAJ94gd4NNzmqppoOqY9bWkqSmOo1PgCgiFHA
ylp2B02mDtRR7L8fLJIAW98=
=ZS4v
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org