• Post Reply Bookmark Topic Watch Topic
  • New Topic

j_security_check 404 error  RSS feed

 
Aparna Iyer
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am new to this forum although I have been lurking around for while

I have a question about j_security_check.

I am working in Apache Tomcat server and I want to set up form based authentication. So I used j_security_check and I get an error 404 j_security_check page not found.

I am not sure how this is supposed to work.
1. Am I supposed to load the secured pages before I login and j_security_check should send me to the login.jsp page?
Or should I start with teh login.jsp page and if my login is incorrect, then I cannot load any page? (until I login correctly)

I always get 404 j_sedurity_check not found when I try to click submit button in login.jsp page and when I try to open other pages (even without login) I am able to open.

Can you please help me?

Should I register j_security_check in web.xml, if yes, please tell me how and give me a sample, please........


Here's my code:

web.xml

<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/logi</form-login-config>
</login-config>

I am in the list of user in tocat-users.xml

My login.jsp
<form action="Servlet.j_security_check" method="POST">

<center>
<table cellpadding=4 cellspacing=2 border=0>

<th bgcolor="#CCCCFF" colspan=2>
<font size=5>Business Owner Login</font>
<br>
<font size=1><sup>*</sup> Required Fields</font>
</th>

<tr bgcolor="Aqua">
<td valign=top>
<b>User ID<sup>*</sup></b>
<br>
<td valign=top>
<input type="text" name="j_username"></td>
<td valign=top>
<b>Password<sup>*</sup></b>
<br>
<td valign=top>
<input type="password" name="j_password" value="" size=15 maxlength=20></td>
<td valign=top>
</tr>

<tr bgcolor="#c8d8f8">
<td align=center colspan=2>
<input type="submit" value="Log In">
</td>
</tr>

</TABLE>

</BODY>
</HTML>
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In your web.xml, did you make sure that the <webapp> is declared as using the Servlet 2.4 spec?

-Yuriy
 
Aparna Iyer
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

No, I don't know how to code that in web.xml? Can you kindly help me, please.

TIA
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

<form action="Servlet.j_security_check" method="POST">


I think it should be

<form action="j_security_check" method="POST">

thanks
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Also, you must define <security-role> element to work the authentication correctly, though you have defined user in tomcat-users.xml

Thanks
 
satishkumar janakiraman
Ranch Hand
Posts: 334
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
In the following snippet, <realm-name/> is not required for Form authentication. It is required only for Basic authentication



The main disadvantage of Form based authentication is , It should be used only when a session is maintained using cookies or HTTPS.

so try to maintain a session and then try this authentication method. I hope it will help you
bye for now
sat
 
Yuriy Zilbergleyt
Ranch Hand
Posts: 429
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, I don't know how to code that in web.xml? Can you kindly help me, please.

First, I think Narendra is right, the action should just be "j_security_check".

The following is how I start my web.xml files, but that may only be necessary if you use EL or other Servlet 2.4/JSP 2.0 features.



-Yuriy
[ August 04, 2005: Message edited by: Yuriy Zilbergleyt ]
 
Aparna Iyer
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have an update on this.

I was able to get this to work (one step, I think) by changing *.jsp in web.xml to \*.

Now if I load a page, it takes me to login.jsp and if I login, I get the following problem:


When I load any page, it takes to login.jsp and I enter the user id and password and if it is correct, it takes me to some image (this is one of the images in the images folder that I have). I have no clue why it goes to that always, when login is successful. It doesn't go to the originally requested page.

What do I have tyo set up to make that happen (meaning if I start with one_two.jsp, it takes me to login.jsp and after I login, I want one_two.jsp to come automatically? How to do that?)

Thanks in advance.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!