Solved

Problem with FORMS security

Posted on 2003-11-03
9
240 Views
Last Modified: 2010-04-01
Hi,

Iam using FORMS security, but I am having weird problems. When I first try to log in, I get forwarded to CSS file! If I go back and try again, I then get forwarded to context root not to the application url. Here is my Login form:

<FORM ACTION="j_security_check" METHOD="POST">
      <table width="99%" border="0">
                   <tr>
                <td width="34%">User Name:</td>
                <td width="66%"><INPUT TYPE="TEXT" NAME="j_username"></td>
              </tr>
              <tr>
                <td>Password:</td>
                <td><INPUT TYPE="PASSWORD" NAME="j_password"></td>
              </tr>
              <tr>
                <td></td>
                <td>&nbsp;</td>
              </tr>
              <tr>
                <td></td>
                <td><INPUT TYPE="SUBMIT" VALUE="Log In"></td>
              </tr>
      </table>
 </FORM>

What am I doing wrong?

Thanks!
0
Comment
Question by:R_a_V_e_N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 14

Expert Comment

by:kennethxu
ID: 9672896
there is nothing wrong with your login form. problem is in somewhere else. for more information of form based security see:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
0
 

Author Comment

by:R_a_V_e_N
ID: 9672913
ohhh ok. Where else could the problem be?

btw, Iam using Front Controller pattern, could this be causing problems?
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9673233
1. post the security related stuff in web.xml
2. let us your web directory layout
3. how exactly the problem occurs, the detailed use case.

>> btw, Iam using Front Controller pattern, could this be causing problems?
No
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:R_a_V_e_N
ID: 9673306
Hi kennethxu, this is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>tics</servlet-name>
    <servlet-class>jonesbros.tics</servlet-class>
    .... (Servlet Initialisation Parameters) ...
  </servlet>
  <servlet-mapping>
    <servlet-name>tics</servlet-name>
    <url-pattern>/tics</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <display-name>TICS System</display-name>
    <web-resource-collection>
      <web-resource-name>TICS System</web-resource-name>
      <description>Telephone Integrated Customer Service</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>These users can access the TICS System</description>
      <role-name>TeleConsultants</role-name>
      <role-name>MOD</role-name>
      <role-name>Managers</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Telephone Integrated Customer Service</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/InvalidLogin.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>MOD</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>Managers</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>TeleConsultants</role-name>
  </security-role>
</web-app>

I access the application at: http://localhost:7001/jonesbros/tics, I get forwarded to the login page. In the login page if I supply invalid credentials, then I get the error page. But if I supply the right credentials I get taken to the following URL: http://localhost:7001/jonesbros/jsps/css/layout2.css. Off course there is no such URL! If I go back and try again I get forwarded to the following URL: http://localhost:7001/jonesbros. This is very weird and confusing.

btw, my directory layout is as follows. login.jsp and InvalidLogin.jsp are in the root directory. There is 'jsps' directory which contains all the jsp files. inside 'jsps' there are two directories 'images' and 'css'. My Servlet and handler classes are in the standard directory, WEB-INF.

Thanks for you're help, kennethxu!
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9673678
I read you post line by line. everything looks perfect assuming your context path is /jonesbros.

I do have a question though, what is /tics? is this a directory? have your tried to access a simple jsp page, for example
http://localhost:7001/jonesbros/jsps/echo.jsp, you should get prompted for the login page and then redirect to the echo.jsp page. if that works, then tell me more about "/tics".

>> If I go back and try again ...
that's normal, because the access url was saved in session and removed as soon as login is success, your 2nd try end up in the default context root because there is no saved url to forward to.
0
 

Author Comment

by:R_a_V_e_N
ID: 9674526
I solved my problem. I tried a less restrictive pattern. /tics rather then /*.

I looked at the access log and found that the reason why I was being redirected after my login to layout2.css was that this was a restricted file and this file was used for the login page. So the webserver would want to fetch this file but since its restricted I would get forwarded to login page and hence after login I would get forwarded to it.

Thanks for you're help, kennethxu!
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9675585
Nice! Thanks for posting you finding. You can request you points refunded and PAQ the question.
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 10055679
I'll ask support to fix this. will get your points back.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10057348
PAQed, with points refunded (30)

Computer101
E-E Admin
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question