Solved

Problem with FORMS security

Posted on 2003-11-03
Last Modified: 2010-04-01
Hi,

I am using FORMS security, but I am having weird problems. When I first try to log in, I get forwarded to a CSS file! If I go back and try again, I then get forwarded to the context root, not to the application URL. Here is my login form:

<FORM ACTION="j_security_check" METHOD="POST">
      <table width="99%" border="0">
                   <tr>
                <td width="34%">User Name:</td>
                <td width="66%"><INPUT TYPE="TEXT" NAME="j_username"></td>
              </tr>
              <tr>
                <td>Password:</td>
                <td><INPUT TYPE="PASSWORD" NAME="j_password"></td>
              </tr>
              <tr>
                <td></td>
                <td>&nbsp;</td>
              </tr>
              <tr>
                <td></td>
                <td><INPUT TYPE="SUBMIT" VALUE="Log In"></td>
              </tr>
      </table>
 </FORM>

What am I doing wrong?

Thanks!
0
Question by:R_a_V_e_N
9 Comments
 
LVL 14

Expert Comment

by:kennethxu
ID: 9672896
There is nothing wrong with your login form. The problem is somewhere else. For more information on form-based security, see:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
0
 

Author Comment

by:R_a_V_e_N
ID: 9672913
ohhh ok. Where else could the problem be?

btw, I am using the Front Controller pattern, could this be causing problems?
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9673233
1. Post the security-related stuff in web.xml.
2. Let us know your web directory layout.
3. How exactly the problem occurs: the detailed use case.

>> btw, Iam using Front Controller pattern, could this be causing problems?
No
0
 

Author Comment

by:R_a_V_e_N
ID: 9673306
Hi kennethxu, this is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>tics</servlet-name>
    <servlet-class>jonesbros.tics</servlet-class>
    .... (Servlet Initialisation Parameters) ...
  </servlet>
  <servlet-mapping>
    <servlet-name>tics</servlet-name>
    <url-pattern>/tics</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <display-name>TICS System</display-name>
    <web-resource-collection>
      <web-resource-name>TICS System</web-resource-name>
      <description>Telephone Integrated Customer Service</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>These users can access the TICS System</description>
      <role-name>TeleConsultants</role-name>
      <role-name>MOD</role-name>
      <role-name>Managers</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Telephone Integrated Customer Service</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/InvalidLogin.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>MOD</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>Managers</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>TeleConsultants</role-name>
  </security-role>
</web-app>

I access the application at http://localhost:7001/jonesbros/tics, and I get forwarded to the login page. In the login page, if I supply invalid credentials, then I get the error page. But if I supply the right credentials, I get taken to the following URL: http://localhost:7001/jonesbros/jsps/css/layout2.css. Of course there is no such URL! If I go back and try again, I get forwarded to the following URL: http://localhost:7001/jonesbros. This is very weird and confusing.

btw, my directory layout is as follows. login.jsp and InvalidLogin.jsp are in the root directory. There is a 'jsps' directory which contains all the JSP files. Inside 'jsps' there are two directories, 'images' and 'css'. My servlet and handler classes are in the standard directory, WEB-INF.

Thanks for your help, kennethxu!
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9673678
I read your post line by line. Everything looks perfect, assuming your context path is /jonesbros.

I do have a question though: what is /tics? Is this a directory? Have you tried to access a simple JSP page? For example, at
http://localhost:7001/jonesbros/jsps/echo.jsp
you should get prompted for the login page and then be redirected to the echo.jsp page. If that works, then tell me more about "/tics".

>> If I go back and try again ...
That's normal, because the access URL was saved in the session and removed as soon as the login succeeded; your second try ends up in the default context root because there is no saved URL to forward to.
0
 

Author Comment

by:R_a_V_e_N
ID: 9674526
I solved my problem. I tried a less restrictive pattern: /tics rather than /*.

I looked at the access log and found that the reason why I was being redirected to layout2.css after my login was that this was a restricted file, and this file was used for the login page. So the web server would want to fetch this file, but since it's restricted I would get forwarded to the login page, and hence after login I would get forwarded to it.

Thanks for your help, kennethxu!
0
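
An alternative to narrowing the pattern to /tics, shown as an added example that is not part of the original thread: keep the /* constraint so the JSPs under /jsps stay behind the login, and add a second constraint with no auth-constraint for the stylesheet directory the login page depends on. It assumes the container applies the most specific matching url-pattern to each request (the rule spelled out from Servlet 2.4 onward); the "Login page assets" names are illustrative.

```xml
<!-- Added example, not from the thread. Replaces the single
     <security-constraint> in the web.xml posted above. -->

<!-- 1. Public: only the static files login.jsp itself links to. -->
<security-constraint>
  <display-name>Login page assets</display-name>
  <web-resource-collection>
    <web-resource-name>Login page assets</web-resource-name>
    <!-- layout2.css lives here; add /jsps/images/* only if the
         login page really references images (assumption). -->
    <url-pattern>/jsps/css/*</url-pattern>
  </web-resource-collection>
  <!-- auth-constraint deliberately omitted: no login is required.
       Do not leave an empty <auth-constraint/> here; naming no
       roles means nobody may access the resource. -->
</security-constraint>

<!-- 2. Protected: everything else, as in the original post. -->
<security-constraint>
  <display-name>TICS System</display-name>
  <web-resource-collection>
    <web-resource-name>TICS System</web-resource-name>
    <description>Telephone Integrated Customer Service</description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>These users can access the TICS System</description>
    <role-name>TeleConsultants</role-name>
    <role-name>MOD</role-name>
    <role-name>Managers</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- NONE is the thread's value; CONFIDENTIAL would make the
         container require HTTPS for these URLs. -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

To check the result, request /jonesbros/jsps/css/layout2.css in a fresh browser session and confirm it is served directly, then request a page under /jsps and confirm the login form still appears.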
 
LVL 14

Expert Comment

by:kennethxu
ID: 9675585
Nice! Thanks for posting your finding. You can request your points refunded and PAQ the question.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 10055679
I'll ask support to fix this. Will get your points back.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10057348
PAQed, with points refunded (30)

Computer101
E-E Admin
0
