You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Fabio Bazzani <si...@grisnet.it> on 2003/09/05 19:57:27 UTC

tomcat 4.1.27: Realm authentication 400 error code

How is it possible I get this message:

HTTP Status 400 - Invalid direct reference to form login page

during JDBC Realm FORM authentication.

These are the stpes I followed :


1. create tables in mysql db :

        create table IsInRole(
            username    varchar(20) not null,
            userrole    varchar(10) not null,
            primary key(username,userrole)
        );

        create table usertable(
            username    varchar(20) not null,
            userpwd        varchar(10) ,
            ....
            ...
            primary key (username)
        );

2. in server.xml

      <Realm className="org.apache.catalina.realm.JDBCRealm" 
          debug="99"
             driverName="org.gjt.mm.mysql.Driver"
            connectionURL="jdbc:mysql://localhost/mydb"
           connectionName="username" 
           connectionPassword="password"
             userTable="usertable" 
             userNameCol="username" 
             userCredCol="userpwd"
            userRoleTable="IsInRole" 
            roleNameCol="userrole" />



3.  always in server.xml, commented out :
    <!--
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 debug="0" resourceName="UserDatabase"/>
    -->
4. created webapps/logIn/login.jsp with:

    <form name="form1" method="post" action="j_security_check">
           <input name="j_username" type="text" id="login" maxlength="16" size="20" >
           <input name="j_password" type="password" id="password" maxlength="10" size="20">
           <input type="submit" value="log in" name="action">
           <input type="reset" value="pulisci" name="action"></p>
   </form>

5. in web.xml :

  <security-constraint>
       <web-resource-collection>
        <web-resource-name>test</web-resource-name>
            <url-pattern>/protected/*</url-pattern>

            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>

      </web-resource-collection>

       <auth-constraint>
            <role-name>myrole</role-name>
       </auth-constraint>

  </security-constraint>

  <login-config>
   <auth-method>FORM</auth-method>
   <realm-name>authentication test</realm-name>
   <form-login-config>
    <form-login-page>/logIn/logIn.jsp</form-login-page>
    <form-error-page>/logIn/logIn-error.jsp</form-error-page>
   </form-login-config>
  </login-config>


when I try to go to "/protected/index.jsp" I have to pass the login.jsp and when I authenticate I get 400 error code ? what's wrong ?

thank you

FB