These are my steps:
1) I just call index.jsp
2) click on my link (/prenotazione/index.jsp)
3) tomcat give me logIn.jsp
4) I correctly authenticate (I saw in catalina_log.yyyy-mm-dd.txt)
5) The request sent by the client was syntactically incorrect (Invalid
direct
reference to form login page).
-----------------------------------------------------------------------
....
webapps/index.jsp <-- where I call /prenotazione/index.jsp
webapps/prenotazione/index.jsp
webapps/logIn/logIn.jsp
webapps/logIn/logIn-error.jsp
....
--------------------------------------------------------------------------
From server.xml :
....
....
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
debug="0"/>
-->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log."
suffix=".txt"
pattern="common" resolveHosts="false"/>
-->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt"
timestamp="true"/>
<!-- Tomcat Root Context -->
<!--
<Context path="" docBase="ROOT" debug="0"/>
-->
<!-- context added for Web CUP project -->
<Context path="/webcup"
docBase="C:\Projects\WEBCUP\WebCup-app\webapps"
debug="0"
reloadable="true"
crossContext="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="localhost_webcup_log."
suffix=".txt"
timestamp="true"/>
<Resource name="jdbc/webcup"
auth="Container"
type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/webcup">
<parameter>
<name>factory</name>
<value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
</parameter>
<!-- Maximum number of dB connections in pool. Make sure you
configure your mysqld max_connections large enough to handle
all of your db connections. Set to 0 for no limit.
-->
<parameter>
<name>maxActive</name>
<value>100</value>
</parameter>
<!-- Maximum number of idle dB connections to retain in pool.
Set to 0 for no limit.
-->
<parameter>
<name>maxIdle</name>
<value>30</value>
</parameter>
<!-- Maximum time to wait for a dB connection to become available
in ms, in this example 10 seconds. An Exception is thrown if
this timeout is exceeded. Set to -1 to wait indefinitely.
-->
<parameter>
<name>maxWait</name>
<value>10000</value>
</parameter>
<!-- MySQL dB username and password for dB connections -->
<parameter>
<name>username</name>
<value>admin</value>
</parameter>
<parameter>
<name>password</name>
<value>mysql</value>
</parameter>
<!-- Class name for mm.mysql JDBC driver -->
<parameter>
<name>driverClassName</name>
<value>org.gjt.mm.mysql.Driver</value>
</parameter>
<!-- The JDBC connection url for connecting to your MySQL dB.
The autoReconnect=true argument to the url makes sure that the
mm.mysql JDBC Driver will automatically reconnect if mysqld
closed the
connection. mysqld by default closes idle connections after 8
hours.
-->
<parameter>
<name>url</name>
<value>jdbc:mysql://localhost:3306/webcup?autoReconnect=true</value>
</parameter>
</ResourceParams>
</Context>
</Host>
--------------------------------------------------------------------------
from web.xml :
......
<security-constraint>
<web-resource-collection>
<web-resource-name>Web CUP: pagina di prenotazione e
registrazione</web-resource-name>
<url-pattern>/prenotazione/*</url-pattern>
<url-pattern>/disponibilita/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>patient</role-name>
<role-name>doctor</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web CUP: pagina di accettazione visita da
parte dei dottori</web-resource-name>
<url-pattern>/dottori/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>doctor</role-name>
</auth-constraint>
</security-constraint>
<!-- Security constraints END -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/logIn/logIn.jsp</form-login-page>
<form-error-page>/logIn/logIn-error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>doctor role</description>
<role-name>doctor</role-name>
</security-role>
<security-role>
<description>patient role</description>
<role-name>patient</role-name>
</security-role>
.....
----------------------------------------------------------------------------
-------------
----- Original Message -----
From: "Madere, Colin" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 9:36 PM
Subject: RE: problem in FORM authentication
> If searching the archives of this list don't help, try posting a trimmed
> down version of your server.xml (probably just the <host> or even just
your
> relevent <Context> tag if you have one) and your auth setup from your
> web.xml and the structure of your web-app (in case it is non-standard
which
> may cause problems).
> But you are saying after you get this error page you are authenticated and
> can access the protected area?
YES
>
> -----Original Message-----
> From: Fabio Bazzani [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 11, 2003 3:17 PM
> To: Tomcat Users List
> Subject: problem in FORM authentication
>
>
> I'm using tomcat 4.1.27.
>
> I authenticate with FORM login and I get 400 error:
>
> The request sent by the client was syntactically incorrect (Invalid direct
> reference to form login page).
>
> when I try to get a page with security constraints Tomcat show me the
login
> page (action = "j_security_check" , etc....). I authenticate but Tomcat
give
> me 400 error code.
>
> where to find the error ?
>
> From %CATALINA_HOME%\logs\catalina_log.yyyy-mm-dd.txt user results to be
> authenticated correctly but it doesn't show me the page I requested.
>
> what about j_security_check ??
>
> Please, help me.
>
> FB.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
