j_security_check : j_security

May 16, 2008 08:21pm pdt

1. ramazanyich 9,950
2. J4M3S_UK 8,450
3. PascalHe... 3,500
4. Ajay-Singh 2,250
5. CEHJ 2,100
6. girionis 2,000
6. successc... 2,000
6. zrgiu 2,000
6. DaveyEss 2,000
10. TimYates 1,500
10. cedlinx 1,500
12. blu 1,000
12. julianop... 1,000
12. contactk... 1,000
15. RadioAct... 900

1. ramazanyich 15,950
2. J4M3S_UK 8,450
3. CEHJ 7,720
4. rama_kri... 7,000
5. mayankeagle 5,500
6. Ajay-Singh 4,250
7. objects 3,780
8. PascalHe... 3,500
9. contactk... 3,000
10. DaveyEss 2,200
11. girionis 2,000
11. schwertner 2,000
11. karanw 2,000
11. giltjr 2,000
11. gibu_george 2,000
11. mhunts 2,000
11. zrgiu 2,000
11. successc... 2,000
11. Kuldeepc... 2,000
11. CSecurity 2,000

03.19.2007 at 10:10AM PDT, ID: 22458483

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.8

j_security_check

Zones: Jboss Application Server, Java Server Pages (JSP)

Tags: j_security_check, jboss

i'm using form based security in jboss with j_security_check

the problem is when i access login.jsp directly and try to login it gives an invalid page reference error 400.

how can i make it so that u can login by going to the login.jsp directly and then it sends you to a page based on the role of your entered username? if ur the admin role it sends to admin.jsp and if its in user role it sends to somethingelse.jsp

Start your free trial to view this solution

Question Stats

Zone: Software

Question Asked By: wrynn

Solution Provided By: ramazanyich

Participating Experts: 4

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

03.19.2007 at 11:22AM PDT, ID: 18750357

Rank: Master

mayankeagle:

http://www.roseindia.net/javacertification/wcd-guide/authentical_type.shtml

http://www.developer.com/java/ejb/article.php/3077421

03.23.2007 at 12:55AM PDT, ID: 18778064

ramazanyich:

First of all you should not go directly to login.jsp.
You just call a protected page (protected by <security-constraint> element ) and Tomcat (web server of jboss) will first call login.jsp to perform authentication and if it is succesful will load protected page. In this page you can check then user roles and forward to necessary URL based on role.

Let illustrate it with an example.
So you have following directory structure in your webapp:
/
-login.jsp
protected/
protected/firstpage.jsp
protected/admin/...
protected/usualuser/....

in your web.xml you add following:
---
<web-app>
....
<security-constraint>
       <web-resource-collection>
              <web-resource-name>Sample Application</web-resource-name>
              <description>Require users to authenticate</description>
              <url-pattern>/protected</url-pattern>
              <http-method>POST</http-method>
              <http-method>GET</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
            <role-name>others</role-name>
       </auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
      </security-constraint>
      <security-role>
            <description>admin users</description>
            <role-name>admin</role-name>
      </security-role>
      <security-role>
            <description>Other users</description>
            <role-name>others</role-name>
      </security-role>
      <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                  <form-login-page>/login.jsp</form-login-page>
                  <form-error-page>/login.jsp</form-error-page>
            </form-login-config>
      </login-config>

...
</web-app>
---

In your firstpage.jsp you do checkup user roles and based on that forward to necessary URL:
<%if(request.isUserInRole("admin")){%>
      request.forward("admin/");
      <%}%>
<%if(request.isUserInRole("others")){%>
      request.forward("usualuser/");
      <%}%>

Deploy your web app. And in browser enter http://your-host:8080/yourwebappPath/protected/firstpage.jsp

And based on your user role you will be redirected to necessary page

Accepted Solution

05.17.2007 at 12:01PM PDT, ID: 19110692

rama_krishna580:

Hi,

drop the prefix "/" from the url pattern and try ...

R.K

06.07.2007 at 03:11PM PDT, ID: 19237912

Venabili:

This question has been classified as abandoned as it has no comments in the last 21 days. I will make a recommendation to the moderators on its resolution in approximately four days. I would appreciate any comments by the experts that would help me in making a recommendation.

It is assumed that any participant not responding to this request is no longer interested in its final disposition.

If the asker does not know how to close the question, the options are here:
http://www.experts-exchange.com/help.jsp#hs5

Venabili
EE Cleanup Volunteer

06.18.2007 at 01:28PM PDT, ID: 19310394

Venabili:

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
Delete - no points refunded

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Venabili
EE Cleanup Volunteer

06.18.2007 at 04:04PM PDT, ID: 19311794

ramazanyich:

I think my answer could be accepted as correct one. We had exactly the sameproblem and my solution works perfectly and explains the behaviour

06.18.2007 at 06:22PM PDT, ID: 19312533

rama_krishna580:

i would say still drop the prefix "/" from the url pattern , it will work...

06.19.2007 at 04:56AM PDT, ID: 19314934

Venabili:

I kinda love experts that ignore pings and then come asking for points.

ramazanyich,

The question is how to go to it directly. Yes - you are giving a nice idea but unless the asker shows up, it does not really answer the question, does it? For all we know - he may have some business reason to want it like this.

rama,
From which pattern? Where do you know what he has in the prefix when he had never posted a pattern? :)

06.19.2007 at 08:18AM PDT, ID: 19316657

ramazanyich:

The way it is asked will not work in Tomcat. I was facing the same problem during of one of my implementations.
I want just call j_security_check from my URL, but got error 400. It works only the way I described

06.29.2007 at 02:13AM PDT, ID: 19387498

AnnieMod:

Tagged for future cleanup

AnnieMod
Cleanup Admin

20080236-EE-VQP-29