On Thu, 18 Oct 2001, Randy Layman wrote:
> Date: Thu, 18 Oct 2001 11:21:41 -0400
> From: Randy Layman <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: j_security_check
>
>
> You need to have your j_security_check URL from the root of the
> WEBAPP. For example, you need to post the form to
> /examples/j_security_check in the examples webapp. Your error message
> implies to me that the login form in in the login directory. You would want
> your form's action to be ../j_security_check in this case.
>
Actually, the servlet spec is very specific -- you are supposed to set the
form action to "j_security_check" as a relative path. What this means to
the server is that the URL will be relative to wherever the login page
came from. Basically, the server has to match on "/j_security_check" at
the end of the URL to tell whether this is the special case or not.
Wayne, the most common cause for problems with form-based login is based
on a misunderstanding of how it works. If you are manually navigating to
the form login page, that's a miskate. Instead, you should just be
navigating to any URL that is protected by your security constraint.
Then, the server will save that request and show you the login page.
AFter you are authenticated, the server restores the original request and
completes it.
To see how it is supposed to work, simply start up Tomcat and access
http://localhost:8080/examples/jsp/security/protected/
which is protected by a security constraint. Tomcat will save away that
request, authenticate you, and then (after the submit of the login page)
will complete the original request. If you try to submit to
j_security_check at any other time, there will not be an original request
to restore to, which is why you get the error.
If it still doesn't make sense, temporarily switch to the BASIC login
method and try again. The user actions are identical -- the only
difference is that the login window is a pop-up dialog box instead of an
HTML page. Note that the user *never* references the pop-up dialog box
directly -- it is just used when necessary. Form based login is designed
to work exactly that way.
> Randy
>
Craig
>
> > -----Original Message-----
> > From: Wayne Hefner [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, October 18, 2001 11:23 AM
> > To: [EMAIL PROTECTED]
> > Subject: j_security_check
> >
> >
> > I am trying to set up a form based authorization, I have done
> > everything
> > similar to examples I have found. My login.jsp appears below:
> >
> >
> > <html>
> > <body>
> > <h1>Login page for examples</h1>
> > <form method="POST" action="j_security_check" >
> > Username: <input type="text" name="j_username"><br>
> > Password: <input type="password" name="j_password"><br>
> > <br>
> > <input type="submit" value="login" name="j_security_check">
> > </form>
> >
> > </body>
> > </html>
> >
> > when I submit it doesn't appear that the engine knows about the
> > j_security_check servlet since it attempts to go to
> > http://mack-weh/login/j_security_check and displays a page
> > not found error.
> >
> > Is there anything that needs to be done to activate this servlet.
> >
> > thanks,
> >
> > wayne
> >
> >
>
