A quick overview of how authentication works might be helpful here. Here's the sequence of events:

1) User requests a secured resource
2) The server internally redirects the user to login.jsp (note: the client NEVER directly requests login.jsp)
3) The user enters his/her credentials and submits
4) The system authenticates the user and returns the originally requested resource.

So what you really want to do is link to /seraf/index.jsp (or whatever...) and let Tomcat handle making sure the user is entitled to it or not.

--David
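
Added example (not part of the original message, and not Tomcat's code): a simplified Python model of the four-step sequence above, showing why submitting the login form without first requesting a protected resource ends in the "Invalid direct reference to form login page" error quoted later in this thread. The paths come from the thread; the `Container` class, session ids and user store are constructed for illustration.

```python
# Simplified model of container-managed FORM login (an assumption-based
# sketch, not Tomcat's implementation). Paths are taken from the thread.
PROTECTED_PREFIX = "/saraf/"
LOGIN_PAGE = "/login.jsp"
ERROR_PAGE = "/error.jsp"
LOGIN_ACTION = "/j_security_check"
USERS = {"alice": "s3cret"}  # constructed sample credentials


class Container:
    def __init__(self):
        # session id -> {"saved": original URL, "user": authenticated name}
        self.sessions = {}

    def handle(self, sid, method, path, form=None):
        """Process one request and return (status, body_or_location)."""
        session = self.sessions.setdefault(sid, {})
        if path == LOGIN_ACTION and method == "POST":
            return self._login(session, form or {})
        if path.startswith(PROTECTED_PREFIX) and "user" not in session:
            # Steps 1-2: remember the target, forward internally to the form.
            session["saved"] = path
            return 200, "forward:" + LOGIN_PAGE
        # Unprotected pages (including login.jsp requested directly) are
        # served as-is, so no original request is saved for them.
        return 200, "content:" + path

    def _login(self, session, form):
        # Step 3: check the submitted j_username / j_password.
        user, password = form.get("j_username"), form.get("j_password")
        if user not in USERS or USERS[user] != password:
            return 200, "forward:" + ERROR_PAGE
        saved = session.pop("saved", None)
        if saved is None:
            # The form was reached directly: there is nothing to return to.
            return 400, "Invalid direct reference to form login page"
        # Step 4: log in and send the browser back to the original resource.
        session["user"] = user
        return 302, saved


if __name__ == "__main__":
    c = Container()
    creds = {"j_username": "alice", "j_password": "s3cret"}
    print(c.handle("direct", "GET", LOGIN_PAGE))
    print(c.handle("direct", "POST", LOGIN_ACTION, creds))
    print(c.handle("normal", "GET", "/saraf/index.jsp"))
    print(c.handle("normal", "POST", LOGIN_ACTION, creds))
```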

Prashant Saraf wrote:

I created a link which connects to login.jsp, but even then it does not work :(

On 2/3/06, David Delbecq <[EMAIL PROTECTED]> wrote:
This means you tried to access the login form directly. This is not allowed
in the J2EE specifications.
Access to the login form should only be triggered by the server on demand. You
can't force a login.
To access the login page, simply put a link to saraf/index.html (simple
example)
Prashant Saraf wrote:

I have a problem with Tomcat & JSP.
When I use j_security_check it gives me the following error:
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)
Why is this so?
My web.xml....

<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
 version="2.4">

 <description>
  My first jsp example
 </description>
 <display-name>Work on Jsp</display-name>

 <security-constraint>
     <display-name>TestApp Security Constraint</display-name>
     <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <!-- Define the context-relative URL(s) to be protected -->
          <url-pattern>/saraf/*</url-pattern>
          <!-- If you list http methods, only those methods are protected -->
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
     </web-resource-collection>
     <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>*</role-name>
     </auth-constraint>
 </security-constraint>

 <!-- Default login configuration uses form-based authentication -->
 <login-config>
   <auth-method>FORM</auth-method>
   <realm-name>Form-Based Authentication</realm-name>
   <form-login-config>
     <form-login-page>/login.jsp</form-login-page>
     <form-error-page>/error.jsp</form-error-page>
   </form-login-config>
 </login-config>
 <!-- Security roles referenced by this web application -->
</web-app>


--
Cup of Java + Sugar of XML = Secure WebApp



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



