• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Form based authentication fails with j_security_check in the URL

 
nahusha narasimha
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am facing an issue with form based authentication.
When I access the secured URL, I am thrown the login.html which is configured in web.xml. The login.html's form method and action is POST and j_security_check
After I enter the valid userid and password, the browser redirects to this URL : http://localhost:8080/myapp/j_security_check
Furthermore it displays the error.html that is specified in the web.xml.

BASIC is working just fine. Not sure what I'm doing wrong with FORM based.

Can someone please help.

Thanks,
Nash
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you show us the basics of your login form? We don't need any fancy decorations or anything, but seeing what your fundamental page elements are would be very helpful.

Also we need to see the parts of your web.xml that define form-based authentication.
 
nahusha narasimha
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is what my login form looks like




And this is my web.xml

 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So far, so good, I think. What does your Realm configuration in Tomcat look like?
 
nahusha narasimha
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Realm configuration in server.xml is as follows :

and the path to UserDatabase is conf/tomcat-users.xml
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you verify that:

1. The Realm isn't commented out (like it is in the original server.xml that ships with Tomcat)?

2. You have a role name of "manager" defined in the tomcat-users.xml file?

3. The file tomcat-users.xml can be read by the Tomcat user?

4. There aren't any strange messages in the logs (catalina.out or localhost-xxxxxx)?
 
nahusha narasimha
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. The Realm isn't commented out.
2.
3. Tomcat-users.xml can be read by the tomcat user. BASIC authn works fine.
4. There are no weird logs in the two files. Of course the logging level is the default one specified in logging.properties. I could change this and give it a try.

One more thing, I have to mention. I am trying to run this example in eclipse. I am using the tomcat defined as a server in eclipse.
Will try by creating a war of this project and deploying on a standalone tomcat.

 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are at least 2 ways to run Tomcat in Eclipse.

The most common is to use WTP, which is bundled as part of the J2EE edition of Eclipse. WTP is an abomination. It clones parts of your Tomcat configuration and it does so imperfectly. This is quite likely to be what your problem is.

I use the independent sysdeo Tomcat plugin myself. It uses the actual Tomcat configuration and causes less wear and tear on my sanity.
 
nahusha narasimha
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After deploying it as a WAR on tomcat, the authn succeeds Guess the WTP tomcat was the culprit.
Thanks Tim for your time and help. Will try sysdeo from now on
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic