You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by BB...@sjm.com on 2002/06/28 17:51:38 UTC
j_security_check is not found
Hi,
I am using FORM-BASED authentication. When a user accesses the secured area
the first time, the login form is loaded and authentication works fine.
However, if he/she happens to click on the "Back" button, go to the Login
form and logs in again (the second time for this session), she gets 404
error and the page that can not be found is login/j_security_check.
Can anyone tell me what I should do or where to look? In the
localhost_access_log, this is the log for the first authentication:
127.0.0.1 - - [28/Jun/2002:10:48:28 -0600] "POST /security/j_security_check
HTTP/1.1" 302 647
this is log for the second attempt:
127.0.0.1 - csdsfwt [28/Jun/2002:10:48:41 -0600] "POST
/security/j_security_check HTTP/1.1" 200 2336
As you can see, the second attempt showed the user's name used to
authenticate the first login.
What do you think this means?
Thanks very much.
Bao-Ha Dam Bui
bbui@sjm.com
S. Jude Medical, Inc
651.765.1018
Re: j_security_check is not found
Posted by Eric Everman <ev...@precedadesign.com>.
I can't think of any other way for a server to handle this - the user will
just have to live with the error page or navigate around it.
When a user attempts to access a protected resource, they are forwarded to
the login page which posts to j_security_check. If the login is
successful, j_security_check redirects the user to the originally request
resource. If there is no 'originally request resource' because the user is
attempting to access j_s_c directly, there is no place for j_s_c to
redirect to - I'm guessing this is why it sends back the 404 error response.
Most browsers warn the user if they need to re-post information in order to
'go back' since post means that you are *changing* something on the server
as a result of your action - in this case logging in, in other cases
placing a second purchase order for 1000 shares of your favorite stock.
In short, tell this person not to ignore the 're-post' warning. Some
things aren't as good the second time ;-)
Eric Everman
At 10:51 AM 6/28/2002, you wrote:
>Hi,
>
>I am using FORM-BASED authentication. When a user accesses the secured area
>the first time, the login form is loaded and authentication works fine.
>However, if he/she happens to click on the "Back" button, go to the Login
>form and logs in again (the second time for this session), she gets 404
>error and the page that can not be found is login/j_security_check.
>
>Can anyone tell me what I should do or where to look? In the
>localhost_access_log, this is the log for the first authentication:
>
>127.0.0.1 - - [28/Jun/2002:10:48:28 -0600] "POST /security/j_security_check
>HTTP/1.1" 302 647
>
>this is log for the second attempt:
>
>127.0.0.1 - csdsfwt [28/Jun/2002:10:48:41 -0600] "POST
>/security/j_security_check HTTP/1.1" 200 2336
>
>As you can see, the second attempt showed the user's name used to
>authenticate the first login.
>
>What do you think this means?
>
>Thanks very much.
>
>Bao-Ha Dam Bui
>bbui@sjm.com
>S. Jude Medical, Inc
>651.765.1018
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>