|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Generate data entry and reporting .NET Web apps in minutes, straight from your database. Read our FREE whitepaper “Build Web 2.0 Applications Without Hand-Coding” Download now! |
|
#1
November 25th, 2001, 04:14 PM
|
|||
|
|||
|
Problems with j_security_check using Tomcat 4
I have two problems with the j_security_check action that I use in my login page.
The first is about when a user trying to access a protected page but don't have the rights to do that. 1. The user type in a wrong user name or password and then it will send him to the error page. If he get back to the login page and type the right user name and password he will get into the protected site that he had access too. If he trying again and type in the right user name and password he will get into the protected site that he had access too and that so that's working fine but... 2. ..if a user who have access to some sites but not to that one he wants to get into, it will send him a "Apache Tomcat/4.0.1 - HTTP Status 403 - Access to the requested resource has been denied"-page. Now if he get back to the login-page and try with a accessable user name and password to the same page it will send him a "Apache Tomcat/4.0.1 - HTTP Status 404 - /j_security_check" page with the description:"The requested resource (/j_security_check) is not available". Is this a bug in the Tomcat 4 or is it a way to fix that problem. My other problem is about that "Access to the requested resource has been denied"-page. I want the user to be send to my error-page instead of that HTTP Status 403 -page. If I could do that maybe my other problemn would be fixed also. Check my code: login.jsp page <html> <head> <title>Login Page</title> <body bgcolor="white"> <form method="POST" action='<%= response.encodeURL("j_security_check") %>' > <table border="0" cellspacing="5"> <tr> <th align="right">Username:</th> <td align="left"><input type="text" name="j_username"></td> </tr> <tr> <th align="right">Password:</th> <td align="left"><input type="password" name="j_password"></td> </tr> <tr> <td align="right"><input type="submit" value="Log In"></td> <td align="left"><input type="reset"></td> </tr> </table> </form> </body> </html> -------------------------------------------------------------------------------- error.jsp page <html> <head> <title>Error Page</title> </head> <body bgcolor="white"> Invalid username and/or password, please try <a href='<%= response.encodeURL("login.jsp") %>'>again</a>. </body> </html> ---------------------------------------------------------------------- some of the code from one of my secured pages namely article.jsp <% if (request.getParameter("logoff") != null) { session.invalidate(); response.sendRedirect("article.jsp"); return; } <a href='<%= response.encodeURL("article.jsp?logoff=true")%>'>LOGOFF</a> ---------------------------------------------------------------------- web.xml page <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <security-constraint> <display-name>Example Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/transport/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>trans</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <display-name>Example Security</display-name> <web-resource-collection> <web-resource-name>Protected</web-resource-name> <url-pattern>/supplier/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>supp</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <display-name>Example Security</display-name> <web-resource-collection> <web-resource-name>Protected</web-resource-name> <url-pattern>/customer/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>cust</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> </web-app> It would be so great if someone could help me
|
|
| Viewing: Dev Shed Forums > Programming Languages > Java Help > Problems with j_security_check using Tomcat 4 |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
