Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

j_security_check

 
Jherald Lacambra
Ranch Hand
Posts: 129
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
im using tomcat 5.5.15, set up the realm in server.xml, set up security config on WEB-INF/web.xml (using form based login).. but it seems tomcat does not look for the users in my database(postgre).. it always go to error.jsp even if i entered the correct username and password to login. i cannot view other pages. any help would be appreciated

thanks
jhe
 
Yogendra Joshi
Ranch Hand
Posts: 213
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jherald ,

Below is an extract from the book which i refer to.. It explains why the situation like which you encounterd happens and what needs to be done to solve it.

Here's it..


Tomcat 5 incorrectly handles the combination of FORM-based authentication and
HTTP POST requests for protected resources, and the example application reveals this flaw. Tomcat
authenticates the user as expected but calls the doGet() method on the resource instead of
doPost(). This means the page you see will be the same as that for the unsecured access. In order to
see the correct page, switch the <auth-method> to BASIC and restart Tomcat. Use a new browser
window to access http://localhost:8080/chapter09-declarative/posttest.html. After
submiting the form, and authenticated with bob and bbb as the user ID and password, you
should see the correct page.

Hope this helps you.. Let me know if it works..

Yogendra Joshi.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic