On 10/06/2010 14:19, neo21 zerro wrote: > > Yes every time I want to login! > > <security-constraint> > <web-resource-collection> > <web-resource-name>User Application</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <realm-name>user</realm-name> > <form-login-config> > <form-login-page>/forms/login.html</form-login-page> > <form-error-page>/forms/error.html</form-error-page>
I usually place them in:
WEB-INF/login/form.jsp
WEB-INF/login/error.jsp
so they can't be requested directly.
Use a JSP so you can properly encode the j_security_check URL.
<%= response.encodeURL('j_security_check') %>
p
> </form-login-config>
> </login-config>
> <security-role>
> <description>User Role for authentication</description>
> <role-name>user</role-name>
> </security-role>
>
>
>
> ------------------------------------------------------------------------
> *From:* Pid <p...@pidster.com>
> *To:* Tomcat Users List <users@tomcat.apache.org>
> *Sent:* Thu, June 10, 2010 3:43:18 PM
> *Subject:* Re: HTTP Status 408!
>
> On 10/06/2010 12:06, neo21 zerro wrote:
>> Hello ,
>>
>>
>> Good news I found a way to get rid of the error with this code in my JASS:
>> session = req.getSession(true);
>>
>>
>> But now I get another strage error :
>>
>> HTTP Status 400 - Invalid direct reference to form login page
>> ________________________________
>>
>> type Status report
>> message Invalid direct reference to form login page
>> description The request sent by the client was syntactically incorrect
> (Invalid
>> direct reference to form login page).
>
> Does this occur every time you try to log in?
>
> Please post the login config from web.xml.
>
>
> p
>
>
>
>
>> ________________________________
>>
>>
>> The response header looks like this:
>>
>> Response Headersview source
>> Server Apache-Coyote/1.1
>> Content-Type text/html;charset=utf-8
>> Content-Length 1100
>> Date Thu, 10 Jun 2010 10:51:56
>> GMT
>> Connection close
>> Request Headersview source
>> Host localhost:8080
>> User-Agent Mozilla/5.0 (Windows; U;
>> Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
>> Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language en-us,en;q=0.5
>> Accept-Encoding gzip,deflate
>> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive 115
>> Connection keep-alive
>> Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617
>>
>>
>>
>>
>>
>>
>>
>> ________________________________
>> From: Pid <p...@pidster.com <mailto:p...@pidster.com>>
>> To: Tomcat Users List <users@tomcat.apache.org
> <mailto:users@tomcat.apache.org>>
>> Sent: Thu, June 10, 2010 12:13:34 PM
>> Subject: Re: HTTP Status 408!
>>
>> On 09/06/2010 21:52, neo21 zerro wrote:
>>> Hello,
>>>
>>> I'm using Tomcat 6.0.26 with java 1.5 JDK.
>>>
>>>
>>> I've developed a JAAS login module for my application and when
> I try to login in my app a strange error occur's:
>>> HTTP Status 408:The time allowed for the login process has been
> exceeded. If you wish to continue you must either click back twice and
> re-click the link you
>>> requested or close and re-open your browser.
>>> I've made a little research about the problem and everyone said
> that it goes away if you enable the cookies(made that and the error
> still occurs). Another thing is that the actual JAAS login module
> authenticate the user but when it should display the protected resource
> the error occurs.
>>>
>>> So if anyone has some ideas please share!
>>
>> What have you configured the session time to be?
>>
>>
>> p
>>
>>
>>
>
>
>
signature.asc
Description: OpenPGP digital signature
