Ok, there is probably an issue with having your login pages not in the webapp they are used for. Move them into the app directory they are used for and that might fix it. There's a lot of goofiness in this area and unfortunately no clean way to share login/logout pages amongst multiple webapps.
-----Original Message----- From: Fabio Bazzani [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 4:07 PM To: Tomcat Users List Subject: Re: problem in FORM authentication These are my steps: 1) I just call index.jsp 2) click on my link (/prenotazione/index.jsp) 3) tomcat give me logIn.jsp 4) I correctly authenticate (I saw in catalina_log.yyyy-mm-dd.txt) 5) The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). ----------------------------------------------------------------------- .... webapps/index.jsp <-- where I call /prenotazione/index.jsp webapps/prenotazione/index.jsp webapps/logIn/logIn.jsp webapps/logIn/logIn-error.jsp .... -------------------------------------------------------------------------- From server.xml : .... .... <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true"> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/> --> <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> --> <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/> <!-- Tomcat Root Context --> <!-- <Context path="" docBase="ROOT" debug="0"/> --> <!-- context added for Web CUP project --> <Context path="/webcup" docBase="C:\Projects\WEBCUP\WebCup-app\webapps" debug="0" reloadable="true" crossContext="true"> <Logger className="org.apache.catalina.logger.FileLogger" prefix="localhost_webcup_log." suffix=".txt" timestamp="true"/> <Resource name="jdbc/webcup" auth="Container" type="javax.sql.DataSource"/> <ResourceParams name="jdbc/webcup"> <parameter> <name>factory</name> <value>org.apache.commons.dbcp.BasicDataSourceFactory</value> </parameter> <!-- Maximum number of dB connections in pool. Make sure you configure your mysqld max_connections large enough to handle all of your db connections. Set to 0 for no limit. --> <parameter> <name>maxActive</name> <value>100</value> </parameter> <!-- Maximum number of idle dB connections to retain in pool. Set to 0 for no limit. --> <parameter> <name>maxIdle</name> <value>30</value> </parameter> <!-- Maximum time to wait for a dB connection to become available in ms, in this example 10 seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely. --> <parameter> <name>maxWait</name> <value>10000</value> </parameter> <!-- MySQL dB username and password for dB connections --> <parameter> <name>username</name> <value>admin</value> </parameter> <parameter> <name>password</name> <value>mysql</value> </parameter> <!-- Class name for mm.mysql JDBC driver --> <parameter> <name>driverClassName</name> <value>org.gjt.mm.mysql.Driver</value> </parameter> <!-- The JDBC connection url for connecting to your MySQL dB. The autoReconnect=true argument to the url makes sure that the mm.mysql JDBC Driver will automatically reconnect if mysqld closed the connection. mysqld by default closes idle connections after 8 hours. --> <parameter> <name>url</name> <value>jdbc:mysql://localhost:3306/webcup?autoReconnect=true</value> </parameter> </ResourceParams> </Context> </Host> -------------------------------------------------------------------------- from web.xml : ...... <security-constraint> <web-resource-collection> <web-resource-name>Web CUP: pagina di prenotazione e registrazione</web-resource-name> <url-pattern>/prenotazione/*</url-pattern> <url-pattern>/disponibilita/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>patient</role-name> <role-name>doctor</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Web CUP: pagina di accettazione visita da parte dei dottori</web-resource-name> <url-pattern>/dottori/*</url-pattern> <http-method>DELETE</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>doctor</role-name> </auth-constraint> </security-constraint> <!-- Security constraints END --> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/logIn/logIn.jsp</form-login-page> <form-error-page>/logIn/logIn-error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>doctor role</description> <role-name>doctor</role-name> </security-role> <security-role> <description>patient role</description> <role-name>patient</role-name> </security-role> ..... ---------------------------------------------------------------------------- ------------- ----- Original Message ----- From: "Madere, Colin" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Thursday, September 11, 2003 9:36 PM Subject: RE: problem in FORM authentication > If searching the archives of this list don't help, try posting a > trimmed down version of your server.xml (probably just the <host> or > even just your > relevent <Context> tag if you have one) and your auth setup from your > web.xml and the structure of your web-app (in case it is non-standard which > may cause problems). > But you are saying after you get this error page you are authenticated > and can access the protected area? YES > > -----Original Message----- > From: Fabio Bazzani [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 11, 2003 3:17 PM > To: Tomcat Users List > Subject: problem in FORM authentication > > > I'm using tomcat 4.1.27. > > I authenticate with FORM login and I get 400 error: > > The request sent by the client was syntactically incorrect (Invalid > direct reference to form login page). > > when I try to get a page with security constraints Tomcat show me the login > page (action = "j_security_check" , etc....). I authenticate but > Tomcat give > me 400 error code. > > where to find the error ? > > From %CATALINA_HOME%\logs\catalina_log.yyyy-mm-dd.txt user results to > be authenticated correctly but it doesn't show me the page I > requested. > > what about j_security_check ?? > > Please, help me. > > FB. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
