"Problem solved" I don't know what the cause of the problem was, but when I created a new, ultra-simple webapp and defined the same security and realm stuff, it worked. So something is peculiar about the app I was using (that I inherited).
So at least it's clear that the server.xml and web.xml sections I posted were reasonable. I do still wonder what was causing my problem, and I know I'll eventually have to fix it.

On Tue, Apr 15, 2008 at 9:59 AM, Propes, Barry L <[EMAIL PROTECTED]> wrote:

> You'd be surprised. I've got about 130 users on an app here, and we
> require them to change their password every 90 days.
>
> There's about 9-10 people who ALWAYS get flagged, but from THEIR machine!
> One girl cleared out her cache and it worked. The rest of them? We had them
> clear out their disk cache, their temp files, reboot, everything, and they
> still get this.
>
> And the odd thing is, I added a second page with the same params to try
> and "fool Tomcat," to no avail. Strangely enough though, they can
> appropriately get to other files and pages in the secure realm, just not
> that one.
>
> So I send those people a non-protected link and let them change it.
>
> One thing I didn't try which probably would make zero difference is
> dropping a package and then reimporting it and rebuilding. Like I said, I'm
> sure it wouldn't help, but I don't know why some people could get there and
> others not, and a couple were helped by clearing browser cache and others
> still not.
>
> -----Original Message-----
> From: Michael Teter [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 15, 2008 6:30 AM
> To: Post-to Tomcat Users
> Subject: that old problem - Invalid direct reference to form login page
>
> Howdy.
>
> I've just spent two hours Googling, Yahooing, and searching the Tomcat list
> for a fix for this problem:
>
> PROBLEM (with steps leading to)
>
> I attempt to access a private page (myview.jsp)
> Tomcat 5.5 properly sends me to login.jsp
> I enter my username/password, submit, and my JNDIRealm LDAP lookup is made
> I get the error page:
> HTTP Status 400 - Invalid direct reference to form login page
>
> This is a pretty simple case. Everything I've seen on forums related to
> this problem focuses on the idea that the user has directly requested the
> login page. I absolutely haven't done that.
>
> I've tried adding some stuff to the top of the login.jsp (as per a
> suggestion on one of the Sun forums) to send the request elsewhere if the
> session exists. I've explored a lot of things, but it still makes no sense
> to me.
>
> My best guess is that there's something wrong with my Realm definition in
> server.xml, or in my security stuff in web.xml. So for reference, here are
> the interesting bits of each:
>
> ----- server.xml ----
> <Context path="/ui2"
>          docBase="C:\work\ui2"
>          privileged="true"
>          reloadable="true"
>          cookies="true"
>          debug="true">
>   <Realm className = "org.apache.catalina.realm.JNDIRealm"
>          debug = "99"
>          connectionURL = "ldap://192.168.223.129:3268"
>          connectionName = "vm2003\ldapqueryuser"
>          connectionPassword = "supersecret"
>          referrals = "follow"
>          userBase = "dc=vm2003,dc=local"
>          userSearch = "(sAMAccountName={0})"
>          userSubtree = "true"
>          digest = "MD5"
>          roleBase = "dc=vm2003,dc=local"
>          roleName = "cn"
>          roleSubtree = "true"
>          roleSearch = "(member={0})"
>   /> <!-- end of realm -->
>
>   ...
> /> <!-- end of context -->
>
> ----- web.xml ----
>
> ...
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Protected Area</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>ui2users</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <form-login-config>
>     <form-login-page>/login.jsp</form-login-page>
>     <form-error-page>/login-failure.jsp</form-error-page>
>   </form-login-config>
> </login-config>
>
> <security-role>
>   <role-name>ui2users</role-name>
> </security-role>
>
> ...
>
> __________________
>
> I've spent time in book on safari.oreilly, reading countless tutorials and
> docs online, and I'm at a dead end.
>
> I surely hope someone sees where I've made a mistake.
>
> Thanks,
> Michael
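
Added example, not part of the original thread and not Tomcat's code: Tomcat's FORM authenticator answers with this 400 when a `j_security_check` POST is processed in a session that holds no saved original request, so the sketch below scans an HTTP trace for login POSTs whose JSESSIONID was never issued alongside a login form. The trace and its field names (`path`, `cookie`, `set_cookie`, `login_form`) are constructed for illustration, and the thread does not establish that this was the cause in either poster's case.

```python
from http.cookies import SimpleCookie

def session_id(header):
    """Return the JSESSIONID in a Cookie or Set-Cookie header value, else None."""
    if not header:
        return None
    jar = SimpleCookie()
    jar.load(header)
    morsel = jar.get("JSESSIONID")
    return morsel.value if morsel is not None else None

def orphan_logins(trace):
    """Return (index, reason) for login POSTs with no saved request behind them."""
    pending = set()  # sessions for which the container served the login form
    findings = []
    for i, ex in enumerate(trace):
        sent = session_id(ex.get("cookie"))
        if ex["path"].endswith("/j_security_check"):
            if sent is None:
                findings.append((i, "login POST carried no JSESSIONID"))
            elif sent not in pending:
                findings.append((i, "JSESSIONID never received a login form"))
            else:
                pending.discard(sent)  # saved request is used up after login
        elif ex.get("login_form"):
            # The form was served in place of a protected page; the session that
            # holds the saved request is the one just issued, or the one sent.
            sid = session_id(ex.get("set_cookie")) or sent
            if sid:
                pending.add(sid)
    return findings

# Constructed trace (not from the thread): three login attempts against /ui2.
TRACE = [
    {"path": "/ui2/myview.jsp", "set_cookie": "JSESSIONID=A1; Path=/ui2",
     "login_form": True},
    {"path": "/ui2/j_security_check", "cookie": "JSESSIONID=A1"},
    {"path": "/ui2/myview.jsp", "set_cookie": "JSESSIONID=B2; Path=/ui2",
     "login_form": True},
    {"path": "/ui2/j_security_check"},                             # cookie not returned
    {"path": "/ui2/j_security_check", "cookie": "JSESSIONID=C3"},  # stale cached form
]

if __name__ == "__main__":
    for index, reason in orphan_logins(TRACE):
        print(index, TRACE[index]["path"], reason)
```

A flagged POST with no cookie points at the browser or cookie scope; a flagged POST with an unknown JSESSIONID points at a cached or bookmarked login form submitted after its session expired.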