Tomcat ldap authentication with 403 Forbidden error
Hi, i'm working with Tomcat and i've configured a Realm for user authentication against Oracle OID. Sniffing the communication between the client and the OID server everything seems to be fine, but when the user authenticates the application then displays the 403 forbidden error page. This is the security section in the app web.xml, the role to validate is authenticated_users. It only works when I put the role as * but it doesn't when i put authenticated_users. Why could this be happening? security-constraint web-resource-collection web-resource-nameprotected/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameauthenticated_users/role-name /auth-constraint /security-constraint security-role role-nameauthenticated_users/role-name /security-role login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config
Re: Tomcat ldap authentication with 403 Forbidden error
Hi, i'm working with Tomcat 5.5.31 ... but i've also tested this configuration on 6.0.29 and it displays the same error. The security-role is right below the security-constraint closing tag and above the login-config opening tag. Thanks. On Mon, Sep 27, 2010 at 12:37 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Julio César Chaves Fernández [mailto:hent...@gmail.com] Subject: Tomcat ldap authentication with 403 Forbidden error i'm working with Tomcat What *exact* version? This is the security section in the app web.xml I don't see any security-role element in the above, which is required. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
NullPointerException on Struts Action
Hi, i've been having a strange behavior with some struts apps deployed on Oracle portal. Lately, they're giving the 500 Internal Server Error and this output: 09/09/17 16:10:19 java.lang.NullPointerException 09/09/17 16:10:19 at org.apache.struts.action.Action.getDataSource(Action.java:532) 09/09/17 16:10:19 at co.edu.icesi.notas.action.InicioAction.execute(InicioAction.java:46) 09/09/17 16:10:19 at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) 09/09/17 16:10:19 at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) 09/09/17 16:10:19 at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) 09/09/17 16:10:19 at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) 09/09/17 16:10:19 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) 09/09/17 16:10:19 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) 09/09/17 16:10:19 at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65) 09/09/17 16:10:19 at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source) 09/09/17 16:10:19 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:674) 09/09/17 16:10:19 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:341) 09/09/17 16:10:19 at com.evermind.server.http.ServletRequestDispatcher.forward(ServletRequestDispatcher.java:230) 09/09/17 16:10:19 at com.evermind.server.http.EvermindPageContext.forward(EvermindPageContext.java:228) 09/09/17 16:10:19 at _index._jspService(_index.java:48) 09/09/17 16:10:19 at com.orionserver.http.OrionHttpJspPage.service(OrionHttpJspPage.java:56) 09/09/17 16:10:19 at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:356) 09/09/17 16:10:19 at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:498) 09/09/17 16:10:19 at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:402) 09/09/17 16:10:19 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) 09/09/17 16:10:19 at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65) 09/09/17 16:10:19 at oracle.security.jazn.oc4j.JAZNFilter.doFilter(Unknown Source) 09/09/17 16:10:19 at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:674) 09/09/17 16:10:19 at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:341) 09/09/17 16:10:19 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:816) 09/09/17 16:10:19 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:231) 09/09/17 16:10:19 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:136) 09/09/17 16:10:19 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192) 09/09/17 16:10:19 at java.lang.Thread.run(Thread.java:534) InicioAction is the init action that sets some data in the user session and makes some validations. The code in Action.java at line 532 is: protected DataSource getDataSource(HttpServletRequest request, String key) { ServletContext context = getServlet().getServletContext(); - line 532 ModuleConfig moduleConfig = RequestUtils.getModuleConfig(request, context); return ((DataSource)context.getAttribute(key + moduleConfig.getPrefix())); } with this info you know the getServlet() method is returning null according to output, but then why could this have happened if the application was working well up untill that day for at least a week or so. How could that servlet get lost on runtime? What kind of event could trigger that error? TIA Julio César Chaves _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE
RE: NullPointerException on Struts Action
mmm yes you're right I should post this on the struts forum but thanks... i'll check what you said about the right implementation. Thanks Date: Fri, 18 Sep 2009 12:04:11 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: NullPointerException on Struts Action -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, On 9/18/2009 9:44 AM, Julio César Chaves Fernández wrote: Hi, i've been having a strange behavior with some struts apps deployed on Oracle portal. Given that this is Struts running on Oracle, why not ask your question on the Struts list or ask someone at Oracle? This is a forum for Apache Tomcat users. :( 09/09/17 16:10:19 java.lang.NullPointerException 09/09/17 16:10:19 at org.apache.struts.action.Action.getDataSource(Action.java:532) 09/09/17 16:10:19 at co.edu.icesi.notas.action.InicioAction.execute(InicioAction.java:46) [snip] Wow, you're using Action.getDataSource? Wasn't that deprecated like 5 years ago? InicioAction is the init action that sets some data in the user session and makes some validations. The code in Action.java at line 532 is: protected DataSource getDataSource(HttpServletRequest request, String key) { ServletContext context = getServlet().getServletContext(); - line 532 ModuleConfig moduleConfig = RequestUtils.getModuleConfig(request, context); return ((DataSource)context.getAttribute(key + moduleConfig.getPrefix())); } Are you sure you're looking at the right version of the code? Are you doing something silly like trying to use this Action before it has been properly brought into service? If that's the case, then getServlet() would return null. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqzr3sACgkQ9CaO5/Lv0PA5UACdG+1Bhn2dhBuIHqF0E/gIKCWJ lxYAnjcN1rTlDXhEcf3+F1x0f3xiTqBV =PB58 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE
RE: https j_security_check apparently Solved :P
Hi, Well, when i access the application over the AJP connector it does what it's suppossed to ... redirect it by the redirect port defined in the connector on the server.xml file. Its just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. Apache sends its requests to the connector with the port 8100 I assume ... so if i define a redirect port with 443 in it would it work ? TIA, Julio César Date: Fri, 15 Aug 2008 13:07:33 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilt9UACgkQ9CaO5/Lv0PCesACgkPPuZfbXi1JytUPG8JNN+/5s lAsAoKvBxJGtvVAdGL+gCXdqDYjYNdt/ =kJ9R -END PGP SIGNATURE- - _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: https j_security_check apparently Solved :P
Hi, I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? TIA, Julio César From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: RE: https j_security_check apparently Solved :P Date: Tue, 19 Aug 2008 10:05:27 -0500 Hi, Well, when i access the application over the AJP connector it does what it's suppossed to ... redirect it by the redirect port defined in the connector on the server.xml file. Its just that https is over port 443, so when it redirects by port 8463 defined in the AJP connector it gets a timeout error. Apache sends its requests to the connector with the port 8100 I assume ... so if i define a redirect port with 443 in it would it work ? TIA, Julio César Date: Fri, 15 Aug 2008 13:07:33 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. I think you might reduce confusion if you debug one connector setup at a time. If you access your web application exclusively through Apache/AJP, does the application behave in the way you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilt9UACgkQ9CaO5/Lv0PCesACgkPPuZfbXi1JytUPG8JNN+/5s lAsAoKvBxJGtvVAdGL+gCXdqDYjYNdt/ =kJ9R -END PGP SIGNATURE- - _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: https j_security_check now really Solved :P
Hi, Yes, it worked with only that connector ... the requests that came from http over apache and went to the AJP connector were redirected by te port defined as redirectPort in the connector...so changing this to 443 as in the second scheme you propose did the job...thanks for helping and again my apologies for all the trouble or headaches caused ;). Julio César Date: Tue, 19 Aug 2008 13:14:51 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I'm sorry but i read the previous question and now that i notice i doesn't make any sense given that apache is connecting tomcat by AJP connector ... the question would be if there is a way to redirect a request over http for an application that has a confidential transport guarantee defined in the application not through the port defined in the AJP connector but by port 443? If you want all traffic to be handled by Apache httpd and mod_jk in this way: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Then you need only a single connector: Connector port=8100 protocol=AJP/1.3 / (Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat. If you want to be able to support alternate ports that go directly to Tomcat, like this: Client --- HTTP (80) --- Tomcat Client --- HTTPS (443) --- Tomcat Then you will need two connectors: Connector port=80 / Connector port=443 scheme=https sslProtocol=TLS/ (Plus any other settings you want to add). If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this: Client --- HTTP (80) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTPS (443) --- Apache httpd --- AJP (8100) --- Tomcat Client --- HTTP (8080) --- Tomcat Client --- HTTPS (8443) --- Tomcat Connector port=8100 protocol=AJP/1.3 / !-- for AJP -- Connector port=8080 redirectPort=8443 / !-- for HTTP -- Connector port=8443 scheme=https sslProtocol=TLS/ If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp =BhcA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
RE: https j_security_check apparently Solved :P
Hi, Ye, i think thats what i needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... i have this connectors: Service name=Catalina Connector URIEncoding=UTF-8 port=8100 minSpareThreads=25 connectionTimeout=2 uRIEncoding=UTF-8 maxThreads=300 maxSpareThreads=75 /Connector Connector port=8443 scheme=https secure=true debug=0 minSpareThreads=25 clientAuth=false keystoreType=PKCS12 keystorePass= maxThreads=150 maxSpareThreads=75 keystoreFile=/home/jakarta/tomcat-5.5.16-8100/conf/icesi.p12 sslProtocol=TLS /Connector Connector port=8029 redirectPort=8463 protocol=AJP/1.3 /Connector . . . and when I used the transport-guarantee tag and try to access the page it changes the url with the connector that has the AJP/1.3 protocol associated... do you know why could this happen? TIA, Julio César Date: Thu, 14 Aug 2008 12:29:38 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: I was testing somethings within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first i proved with a simple login page over https with no more than the login form ...and it worked as it supossed to ... then instead of insert the code to redirect the page over https I opened it with a url specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... an tried again the same way i did with the simple login form ... and it worked ... now i have to ask ... did the redirection had something to do with this problem or do anyone know of a possible problem that can be raised when this is done?TIA, Honestly, I'm having a hard time understanding what you are doing. What is the additional redirection for? Why not simply use transport-guarantee in web.xml and let the container handle any HTTPS requirements? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkikXXIACgkQ9CaO5/Lv0PC1wgCgtUNuWDBsTqIPIjAfH64OPgv+ wf4An1rHKW4HmO15pAwckdz0msxOmLd2 =LSxR -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
RE: https j_security_check apparently Solved :P
Hi, the access is over Apache through the mod_jk connector (the one that connects with AJP13), and mapping with httpd.conf, but its also accessed by ports 8100 and 8443. Date: Fri, 15 Aug 2008 11:10:09 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check apparently Solved :P -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: Ye, i think thats what i needed apparently the redirection was the problem ... thanks for your help and excuse my ignorance but ... i have this connectors: Can you explain what each of these connectors is for? I can see one HTTPS, one HTTP, and one AJP13. How are you really accessing Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkilnFEACgkQ9CaO5/Lv0PAkzgCdEdtYw4tgxGGmV0acfIaWyHCM e4oAoJPqTIEa/LkOjeJNeLW4cg4k/Qzv =/WE8 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
RE: https j_security_check apparently Solved :P
Hi, I was testing somethings within the login page that is configured in the web.xml file... and there was a piece of code doing a redirection to assure that the page is loaded over https... first i proved with a simple login page over https with no more than the login form ...and it worked as it supossed to ... then instead of insert the code to redirect the page over https I opened it with a url specifying https instead of http ... it worked ... so I changed back the form-login param in web.xml ... removed the redirection ... an tried again the same way i did with the simple login form ... and it worked ... now i have to ask ... did the redirection had something to do with this problem or do anyone know of a possible problem that can be raised when this is done?TIA, Julio César Date: Wed, 13 Aug 2008 13:44:39 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The 302 sends me back to the login page ... honestly i can't totally | blame https ... i tested the applicaction with https via JSSE and it | works (this was done in my pc)... but when i changed the application | to another server https became the main issue where before it wasn't | ... so i'm trying to find what the real problem is ... it's just that | the only thing different between the working and the not working | application is the use of https. If you moved the application to another server, is it possible that the login itself is actually failing, and Tomcat is reacting correctly? One of my complaints about TC's authenticator is that it tends to swallow errors. You might try to write a little test on the new server to see if you can correctly access your user database. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijHYcACgkQ9CaO5/Lv0PCYpwCff97yGzzjteCe6NPrVmVV0XmP 8LIAoKqGTkkbfvwIorRXRlMUa5y6KkWG =PKpu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
RE: https j_security_check
Hi, I was checking the http in my application and the server response is a 302 ... what could possibly do this when using https ... could it be something related to the URL ... or how could the server get confused given that with http it works fine. TIA, Julio César _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vistamkt=en-USform=QBRE
RE: https j_security_check
No i'm working with https all the time ... when it's only over http the application works ... it's just that i've been reading about something related to j_security_check and that it adds port 80 to the url ... so i don't know if it's related to my problem... i read this in http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html ... may be i'm wrong or i don't have the right idea ... but when i saw that 302 the only thing that came to my mind was some problem related to the url and the server not finding the associated resources ... i'm checking if maybe thats the reason... Julio César Date: Wed, 13 Aug 2008 11:56:19 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | I was checking the http in my application and the server response is | a 302 ... what could possibly do this when using https ... could it | be something related to the URL ... or how could the server get | confused given that with http it works fine. Are you switching between HTTP and HTTPS? Some folks try to use HTTPS for the login and then redirect to HTTP for the rest of the application. That doesn't work unless the session cookie has been created from a non-secure URL. Otherwise the cookie itself is marked as secure and won't be sent by your browser when you switch back to HTTP. Could this be your problem? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijBCIACgkQ9CaO5/Lv0PD5/QCfVCw6UgMkYilZqsVUnKRQAznX 8xwAni9vqVdMJpHV7Z0jJQoTqicT3Ct3 =hk6b -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: https j_security_check
The 302 sends me back to the login page ... honestly i can't totally blame https ... i tested the applicaction with https via JSSE and it works (this was done in my pc)... but when i changed the application to another server https became the main issue where before it wasn't ... so i'm trying to find what the real problem is ... it's just that the only thing different between the working and the not working application is the use of https. Julio César Date: Wed, 13 Aug 2008 12:20:59 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | No i'm working with https all the time ... when it's only over http | the application works ... it's just that i've been reading about | something related to j_security_check and that it adds port 80 to the | url Tomcat does not add port 80 to the URL. It uses whatever port was already being used. | ... so i don't know if it's related to my problem... i read this | in | http://www.velocityreviews.com/forums/t145712-load-balancing-an-https-java-web-application-in-tomcat.html | ... may be i'm wrong or i don't have the right idea ... but when i | saw that 302 the only thing that came to my mind was some problem | related to the url and the server not finding the associated | resources ... i'm checking if maybe thats the reason... Where does the 302 send you? Back to the login-error page? Are you sure that the only difference between a working configuration and a non-working configuration is the use of HTTPs? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkijCesACgkQ9CaO5/Lv0PA3cwCfUeM4okC0y2h7QQlTcb5p4w2R zPkAn09q7o10IodI+udoVCSLz92HDFOS =E4Jq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ News, entertainment and everything you care about at Live.com. Get it now! http://www.live.com/getstarted.aspx
RE: https j_security_check
Yes, it is the way it's designed ... but my problem is when the user and password are right ... i doesn't takes me to the site but leaves me again in the login page (this when I have https, without it the application works fine)... with the redirection to the form-error page defined in the web.xml file i know that it tries to authenticate the user and if it fails everything works how it's supossed to ... with https the authentication, although correct, redirects me to the login page ... so my problem is when i have https active ... otherwise everything works perfectly. Thanks again for helping. Julio César Date: Fri, 8 Aug 2008 22:46:05 -0400 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: https j_security_check -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Julio, Julio César Chaves Fernández wrote: | The curious thing is that when the password is | wrong the redirection is to the form-error page defined in the | web.xml file. So, I was hoping you could give me some sort of advice | or where could I start looking to know why it behaves like that. Perhaps I have misunderstood your question, but what you describe above is simply the way that form-based authentication is designed in the servlet specification. See section 12.5.3 of the servlet specification for the full story. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkidBO0ACgkQ9CaO5/Lv0PAL2wCfZfMx+WfG0pXRFkzC2JBIBSi6 sdkAnjhzQVfyHLESWHHFlbfLiYix4sOe =Fy6M -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=createwx_url=/friends.aspxmkt=en-us
https j_security_check
Hi, I have an issue with both https and j_secutiry_check... i've an application that works fine with only authentication (j_security_check) but when I try to access with https the application redirects the browser to the form-login page that is set in the web.xml file. The curious thing is that when the password is wrong the redirection is to the form-error page defined in the web.xml file. So, I was hoping you could give me some sort of advice or where could I start looking to know why it behaves like that. Thanks for reading. Sincerely, Julio César Chaves _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE