On 10/06/2010 14:19, neo21 zerro wrote: > > Yes every time I want to login! > > <security-constraint> > <web-resource-collection> > <web-resource-name>User Application</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <realm-name>user</realm-name> > <form-login-config> > <form-login-page>/forms/login.html</form-login-page> > <form-error-page>/forms/error.html</form-error-page>
I usually place them in: WEB-INF/login/form.jsp WEB-INF/login/error.jsp so they can't be requested directly. Use a JSP so you can properly encode the j_security_check URL. <%= response.encodeURL('j_security_check') %> p > </form-login-config> > </login-config> > <security-role> > <description>User Role for authentication</description> > <role-name>user</role-name> > </security-role> > > > > ------------------------------------------------------------------------ > *From:* Pid <p...@pidster.com> > *To:* Tomcat Users List <users@tomcat.apache.org> > *Sent:* Thu, June 10, 2010 3:43:18 PM > *Subject:* Re: HTTP Status 408! > > On 10/06/2010 12:06, neo21 zerro wrote: >> Hello , >> >> >> Good news I found a way to get rid of the error with this code in my JASS: >> session = req.getSession(true); >> >> >> But now I get another strage error : >> >> HTTP Status 400 - Invalid direct reference to form login page >> ________________________________ >> >> type Status report >> message Invalid direct reference to form login page >> description The request sent by the client was syntactically incorrect > (Invalid >> direct reference to form login page). > > Does this occur every time you try to log in? > > Please post the login config from web.xml. > > > p > > > > >> ________________________________ >> >> >> The response header looks like this: >> >> Response Headersview source >> Server Apache-Coyote/1.1 >> Content-Type text/html;charset=utf-8 >> Content-Length 1100 >> Date Thu, 10 Jun 2010 10:51:56 >> GMT >> Connection close >> Request Headersview source >> Host localhost:8080 >> User-Agent Mozilla/5.0 (Windows; U; >> Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 >> Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> Accept-Language en-us,en;q=0.5 >> Accept-Encoding gzip,deflate >> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 >> Keep-Alive 115 >> Connection keep-alive >> Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 >> >> >> >> >> >> >> >> ________________________________ >> From: Pid <p...@pidster.com <mailto:p...@pidster.com>> >> To: Tomcat Users List <users@tomcat.apache.org > <mailto:users@tomcat.apache.org>> >> Sent: Thu, June 10, 2010 12:13:34 PM >> Subject: Re: HTTP Status 408! >> >> On 09/06/2010 21:52, neo21 zerro wrote: >>> Hello, >>> >>> I'm using Tomcat 6.0.26 with java 1.5 JDK. >>> >>> >>> I've developed a JAAS login module for my application and when > I try to login in my app a strange error occur's: >>> HTTP Status 408:The time allowed for the login process has been > exceeded. If you wish to continue you must either click back twice and > re-click the link you >>> requested or close and re-open your browser. >>> I've made a little research about the problem and everyone said > that it goes away if you enable the cookies(made that and the error > still occurs). Another thing is that the actual JAAS login module > authenticate the user but when it should display the protected resource > the error occurs. >>> >>> So if anyone has some ideas please share! >> >> What have you configured the session time to be? >> >> >> p >> >> >> > > >
signature.asc
Description: OpenPGP digital signature