This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

j_security_check error issue in from based authentication  RSS feed

 
sikandar siddiqui
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am facing an issue in tomcat authentication by j_security_check for form based method.....
even after my user and pass is correct..then also i am redirected to error page......
 
Stefan Evans
Bartender
Posts: 1834
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
uhuh.

Please Tell The Details.

We're not psychic. Unless you include some information about how you have configured your web application, what your login page looks like and if there are any error messages in the log, there is not much we can do.
 
sikandar siddiqui
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Stefan,

i am providing the details,


my tomcat-user.xml mentioned below:-
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->

<role rolename="tomcat"/>
<role rolename="role1"/>


<role rolename="AdminRole"/>
<role rolename="UserRole"/>

<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>

<user username="user" password="user1" roles="UserRole"/>
<user username="admin" password="admin1" roles="AdminRole"/>
</tomcat-users>

project name is Web ApplicationSecurity:

web.xml file is as follows:-
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>AdminConstraint</display-name>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<description/>
<url-pattern>/secureAdmin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>AdminRole</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>UserConstraint</display-name>
<web-resource-collection>
<web-resource-name>User</web-resource-name>
<description/>
<url-pattern>/secureUser/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>UserRole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Users added to this role have access to the secureAdmin directory of the server</description>
<role-name>AdminRole</role-name>
</security-role>
<security-role>
<description>Users added to this role have access to the secureUser directory of the server.</description>
<role-name>UserRole</role-name>
</security-role>
</web-app>


LOGIN PAGE is as follows:-
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Hello SIKANDAR!</h1>
<form action="j_security_check" method="POST">
Username:<input type="text" name="j_username"><br>
Password:<input type="password" name="j_password">
<input type="submit" value="Login">
</form>
</body>
</html>

ERROR PAGE IS AS FOLLOWS:-
<html>
<head>
<title>Login Test: Error logging in</title>
</head>
<body>
<h1>Error Logging In SIKANDAR TRY AGAIN :( </h1>
<br/>
</body>
</html>


i am using apache tomcat server 7.0.27.0 and NETBEANS IDE 7.2
then by above configuration i should be able to login :-
but i am redirected to error page:-
Error Logging In SIKANDAR TRY AGAIN :(


please help.....





 
Stefan Evans
Bartender
Posts: 1834
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suggestion: Go back and read Tell the details again.
You're not making it easy/convenient for us to help you.

It is also possible to provide too much extra information. For example, if you have a 500 line program, go through it and only post the relevant pieces. Try to narrow your problem down as much as possible.

You've just copied/pasted entire swathes of code, most of which is irrelevant (for instance the apache copyright license could have been omitted)
Putting it in code tags would help as well.

For example:

Relevant tomcat-users.xml config


Relevant security stuff from Web.xml:


Loginpage - presumably the login.jsp mentioned above:


That configuration looks pretty standard, so it should just work.
As far as I understand it, there are two security domains - one for users and one for admins.
(which would have been useful for YOU to explain, rather than me having to figure it out from reading your config)

So my next questions would be how are you setting this up?

What URL are you going to to bring up the login page? One under "/secureAdmin" or "/secureUser" ?
What username/password combination are you entering?
 
sikandar siddiqui
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
after ruuning the above project....

it gives us to link
1st one for "Admin" which "adminrole" roles users can only access
and 2nd one for "Users" which "userrole" roles users can only access

i am giving usrname and pass as folllows
U: user,admin
P: user1,admin1


for secure admin user admin and pass amin1 should be redirected to adminsecure area...but instead it is being redirected to error page ...whatever may the password i provide.

the same case is for Usersecure.....

please suggest

 
Stefan Evans
Bartender
Posts: 1834
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you give an example of the url you are navigating to that brings up the login page?
Are there any error messages in the logs?
 
sikandar siddiqui
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am accessing url http://localhost:8084

and then i am redirected to page as follows:-

-----------------page---------------------------------
Hello World!

Request a secure Admin page here!

Request a secure User page here!
-----------------page---------------------------------

and there is are no errors in the apache log



 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!