Posted to users@tomcat.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/13 18:26:21 UTC
servlet mappings and security constraints with j_security_check
I am getting the familiar status 400 - invalid direct reference, and yet
I am absolutely not surfing to the login page myself.
This is the page I am on:
https://localhost:8443/mywebapp/registerdone.do
and this is the link I am using:
https://localhost:8443/mywebapp/private/editprofile.do
This mapping is protected by my security constraints (/private/) and so
Tomcat invokes the j_security_check form, and on submission Tomcat gives
me the 400 status invalid direct reference.
I have the login form and the login error form SSL encrypted.
It works fine for non-HTTPS links.
Here's the web.xml snippet:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL 4 Login</web-resource-name>
    <url-pattern>/ssllogin.html</url-pattern>
    <url-pattern>/sslerror.html</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <description>SSL required</description>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Login</web-resource-name>
    <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>SSL not required</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>BlackSailRealm</realm-name>
  <form-login-config>
    <form-login-page>/ssllogin.html</form-login-page>
    <form-error-page>/sslerror.html</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
<security-role>
  <role-name>admin</role-name>
</security-role>
Does anyone know what I am doing wrong, or has anyone seen this error too?
Thanks
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9