Re: HTTP Status 408!
Can you provide a hint on how to perform automatic login using BASIC authentication? Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my custom class Thanks! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 7:52:40 PM Subject: Re: HTTP Status 408! On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users
Re: HTTP Status 408!
On 22/06/2010 13:25, neo21 zerro wrote: Can you provide a hint on how to perform automatic login using BASIC authentication? Did you look at the link I sent? Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my custom class FormAuthenticator is a Valve, it is automatically added to the Valve pipeline for each Context it's used with. Look at the source for FormAuthenticator. You can manually define your own Authenticator implementation, in META-INF/context.xml. ?xml version=1.0 encoding=UTF-8? Context ... reloadable=true WatchedResourceWEB-INF/web.xml/WatchedResource Valve className=my.package.MyAuthenticator / /Context N.B. Use your own Authenticator and you'll have to make sure every Tomcat upgrade is thoroughly checked for changes to the related classes. Tomcat 7.0 will have programmatic login as it implements Servlet 3.0, so you might only need to do this is a temporary measure. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 7:52:40 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add
Re: HTTP Status 408!
Thanks Pid for your time and answers. Clearly that is not an option for me...I'll wait for Tomcat 7 then :) Thanks! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Tue, June 22, 2010 3:41:02 PM Subject: Re: HTTP Status 408! On 22/06/2010 13:25, neo21 zerro wrote: Can you provide a hint on how to perform automatic login using BASIC authentication? Did you look at the link I sent? Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my custom class FormAuthenticator is a Valve, it is automatically added to the Valve pipeline for each Context it's used with. Look at the source for FormAuthenticator. You can manually define your own Authenticator implementation, in META-INF/context.xml. ?xml version=1.0 encoding=UTF-8? Context ... reloadable=true WatchedResourceWEB-INF/web.xml/WatchedResource Valve className=my.package.MyAuthenticator / /Context N.B. Use your own Authenticator and you'll have to make sure every Tomcat upgrade is thoroughly checked for changes to the related classes. Tomcat 7.0 will have programmatic login as it implements Servlet 3.0, so you might only need to do this is a temporary measure. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 7:52:40 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21
Re: HTTP Status 408!
Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 signature.asc Description: OpenPGP digital signature
Re: HTTP Status 408!
Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make programmaticaly just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? Thanks!!! From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 5:30:00 PM Subject: Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org mailto:ma...@apache.org To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org mailto:users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org mailto:users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 signature.asc Description: OpenPGP digital signature
Re: HTTP Status 408!
Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); URLConnection yc = protectedResource.openConnection(); BufferedReader in = new BufferedReader( new InputStreamReader( yc.getInputStream())); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, June 21, 2010 6:19:44 PM Subject: Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org mailto:ma...@apache.org To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org mailto:users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org mailto:users-h...@tomcat.apache.org
Re: HTTP Status 408!
On 21/06/2010 17:36, neo21 zerro wrote: Ok. Something like this ? URL protectedResource = new URL(http://localhost:8080/resource;); *URLConnection yc = *protectedResource*.openConnection();* BufferedReader in = new BufferedReader( new InputStreamReader( *yc.getInputStream()*)); String inputLine; while ((inputLine = in.readLine()) != null) //check if the response is the login page in.close(); if(The response is login page){ //make another request with to specific params for the authentication } It's actually much easier to use BASIC auth if a machine is logging in. Look at: http://hc.apache.org/ My question is that in the second request I need to open a browser so is the session id of the first request the same with the session id of the second request? because the FormAuthenticator need's the session id of the first request to retrieve the protected resource? Yes, the session id will be required. If the URLs are encoded properly as per previous discussion, then the form action attribute will be re-encoded to incorporate the session id - you'll see how to submit to a modified URL if you examine the returned HTML for the login form. p *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Mon, June 21, 2010 6:19:44 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:48, neo21 zerro wrote: Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make */programmaticaly http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 http://www.google.ro/search?hl=roei=IXsfTMiCB46C_AaVtpm9DQsa=Xoi=spellresnum=0ct=resultcd=1ved=0CCwQBSgAq=programmaticalyspell=1 /*just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? The process is: 1. make a request for a protected resource 2. check the response is what you want, 3. if it's not, but contains a login form 4. submit username password against form url FormAuthenticator creates the saved request at step 1. p Thanks!!! *From:* Pid p...@pidster.com mailto:p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org *Sent:* Mon, June 21, 2010 5:30:00 PM *Subject:* Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p From: Martin Gainty mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com mailto:mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com mailto:neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org mailto:users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org mailto:ma...@apache.org mailto:ma...@apache.org mailto:ma...@apache.org
Re: HTTP Status 408!
I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP Status 408!
can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply Date: Fri, 11 Jun 2010 12:32:44 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p signature.asc Description: OpenPGP digital signature
Re: HTTP Status 408!
Hello Pid , Thanks for your time! I put this in my web.xml : session-config session-timeout30/session-timeout !-- 30 minutes -- /session-config From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p signature.asc Description: OpenPGP digital signature
Re: HTTP Status 408!
Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
On 10/06/2010 14:19, neo21 zerro wrote: Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page I usually place them in: WEB-INF/login/form.jsp WEB-INF/login/error.jsp so they can't be requested directly. Use a JSP so you can properly encode the j_security_check URL. %= response.encodeURL('j_security_check') % p /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role *From:* Pid p...@pidster.com *To:* Tomcat Users List users@tomcat.apache.org *Sent:* Thu, June 10, 2010 3:43:18 PM *Subject:* Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com mailto:p...@pidster.com To: Tomcat Users List users@tomcat.apache.org mailto:users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p signature.asc Description: OpenPGP digital signature
RE: HTTP Status 408!
the form-login-page login.html *should* contain the j_security parameters for your login form e.g.: form method=POST action=j_security_check input type=text name=j_username input type=text name=j_password input type=submit value=Log in /form is this the case? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Thu, 10 Jun 2010 06:19:36 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org; p...@pidster.com Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! What have you configured the session time to be? p _ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2
Re: HTTP Status 408!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Neo21, On 6/9/2010 4:52 PM, neo21 zerro wrote: I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. Are you trying to login without having first requested a protected page? The behavior you describe is how Tomcat acts if it's not expecting a login, but gets one anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwQ7KgACgkQ9CaO5/Lv0PCQIACcDLKAA/VzAlElHHTknzz8XjCW XUcAoLnJOKG/tNhcGf0O2FOIvSrDH9Ss =fnzD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
Hello, this is my login.html page: FORM ACTION=j_security_check METHOD=POST input id=username type=text size=20 name=j_username AUTOCOMPLETE=OFF input type=password size=20 name=j_password AUTOCOMPLETE=OFF input type=submit name=login value=Login From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 4:34:11 PM Subject: RE: HTTP Status 408! the form-login-page login.html *should* contain the j_security parameters for your login form e.g.: form method=POST action=j_security_check input type=text name=j_username input type=text name=j_password input type=submit value=Log in /form is this the case? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Thu, 10 Jun 2010 06:19:36 -0700 From: neo21_ze...@yahoo.com Subject: Re: HTTP Status 408! To: users@tomcat.apache.org; p...@pidster.com Yes every time I want to login! security-constraint web-resource-collection web-resource-nameUser Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameuser/realm-name form-login-config form-login-page/forms/login.html/form-login-page form-error-page/forms/error.html/form-error-page /form-login-config /login-config security-role descriptionUser Role for authentication/description role-nameuser/role-name /security-role From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error
Re: HTTP Status 408!
Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? Thanks for your time! From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Thu, June 10, 2010 4:46:16 PM Subject: Re: HTTP Status 408! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Neo21, On 6/9/2010 4:52 PM, neo21 zerro wrote: I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. Are you trying to login without having first requested a protected page? The behavior you describe is how Tomcat acts if it's not expecting a login, but gets one anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwQ7KgACgkQ9CaO5/Lv0PCQIACcDLKAA/VzAlElHHTknzz8XjCW XUcAoLnJOKG/tNhcGf0O2FOIvSrDH9Ss =fnzD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
On 10/06/2010 15:39, neo21 zerro wrote: Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
2010/6/10 neo21 zerro neo21_ze...@yahoo.com: Are there other versions of Tomcat ? I mean newer versions, like 7 ? There is RC 4 build of Tomcat 7 available for testing. See a thread on d...@. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408
Søren, I get a login error when the username or password is wrong but when it is correct I get the following error HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser This might happen if your session isn't found when you try to login. This might be caused by cookies being disabled, but the session if not being encoded in your login URL (i.e. /j_security_check;jsessionid=ABCD...). Otherwise, there are two possibilities: 1. You really are exceeding the session timeout before logging in (unlikely). 2. The session is not being found for some other reason. Maybe you have a proxy or load balancer something like that dropping the cookie? -chris signature.asc Description: OpenPGP digital signature
Re: HTTP Status 408
The code says (in FormAuthenticator) if (session == null) session = request.getSessionInternal(false); if (session == null) { if (containerLog.isDebugEnabled()) containerLog.debug (User took so long to log on the session expired); response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString(authenticator.sessionExpired)); return (false); } With the login form, a Session should be created. (Not quite an HttpSession, but pretty close to it) This Session also holds authentication information to send you back to the right location after login. For some reason a session can't be found. Why? I have no clue. It could be that the session expired, or it could be a session cookie is not being sent (for any number of reasons), or something else. To debug it, livehttpheaders and firefox might be helpful. -Tim scott soward wrote: I am getting this error occasionally and am unable to figure out the problem. -- HTTP/1.1 408 The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser -- I would really appreciate any suggestions about resolving this issue. It only happens when a valid user/password are used to login into a tomcat app. If an invalid user/password are used, I get correctly redirected to an error page. Thank you, Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTP Status 408
Thank you Tim, I'll try your suggestions. Scott --- Tim Funk [EMAIL PROTECTED] wrote: The code says (in FormAuthenticator) if (session == null) session = request.getSessionInternal(false); if (session == null) { if (containerLog.isDebugEnabled()) containerLog.debug (User took so long to log on the session expired); response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString(authenticator.sessionExpired)); return (false); } With the login form, a Session should be created. (Not quite an HttpSession, but pretty close to it) This Session also holds authentication information to send you back to the right location after login. For some reason a session can't be found. Why? I have no clue. It could be that the session expired, or it could be a session cookie is not being sent (for any number of reasons), or something else. To debug it, livehttpheaders and firefox might be helpful. -Tim scott soward wrote: I am getting this error occasionally and am unable to figure out the problem. -- HTTP/1.1 408 The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser -- I would really appreciate any suggestions about resolving this issue. It only happens when a valid user/password are used to login into a tomcat app. If an invalid user/password are used, I get correctly redirected to an error page. Thank you, Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]