Problem with FORMS security

Hi,

I am using FORMS security, but I am having weird problems. When I first try to log in, I get forwarded to a CSS file! If I go back and try again, I then get forwarded to the context root, not to the application URL. Here is my login form:

<FORM ACTION="j_security_check" METHOD="POST">
      <table width="99%" border="0">
                   <tr>
                <td width="34%">User Name:</td>
                <td width="66%"><INPUT TYPE="TEXT" NAME="j_username"></td>
              </tr>
              <tr>
                <td>Password:</td>
                <td><INPUT TYPE="PASSWORD" NAME="j_password"></td>
              </tr>
              <tr>
                <td></td>
                <td>&nbsp;</td>
              </tr>
              <tr>
                <td></td>
                <td><INPUT TYPE="SUBMIT" VALUE="Log In"></td>
              </tr>
      </table>
 </FORM>

What am I doing wrong?

Thanks!
R_a_V_e_N Asked:
 
Computer101 Commented:
PAQed, with points refunded (30)

Computer101
E-E Admin
 
kennethxu Commented:
There is nothing wrong with your login form. The problem is somewhere else. For more information on form-based security, see:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
 
R_a_V_e_N Author Commented:
ohhh ok. Where else could the problem be?

btw, I am using the Front Controller pattern, could this be causing problems?
 
kennethxu Commented:
1. Post the security-related stuff in web.xml.
2. Let us know your web directory layout.
3. how exactly the problem occurs, the detailed use case.

>> btw, I am using the Front Controller pattern, could this be causing problems?
No
 
R_a_V_e_N Author Commented:
Hi kennethxu, this is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>tics</servlet-name>
    <servlet-class>jonesbros.tics</servlet-class>
    <!-- .... (Servlet Initialisation Parameters) ... -->
  </servlet>
  <servlet-mapping>
    <servlet-name>tics</servlet-name>
    <url-pattern>/tics</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <display-name>TICS System</display-name>
    <web-resource-collection>
      <web-resource-name>TICS System</web-resource-name>
      <description>Telephone Integrated Customer Service</description>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <description>These users can access the TICS System</description>
      <role-name>TeleConsultants</role-name>
      <role-name>MOD</role-name>
      <role-name>Managers</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Telephone Integrated Customer Service</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/InvalidLogin.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>MOD</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>Managers</role-name>
  </security-role>
  <security-role>
    <description>These users can access the TICS System</description>
    <role-name>TeleConsultants</role-name>
  </security-role>
</web-app>

I access the application at: http://localhost:7001/jonesbros/tics, and I get forwarded to the login page. In the login page, if I supply invalid credentials, then I get the error page. But if I supply the right credentials I get taken to the following URL: http://localhost:7001/jonesbros/jsps/css/layout2.css. Of course there is no such URL! If I go back and try again I get forwarded to the following URL: http://localhost:7001/jonesbros. This is very weird and confusing.

btw, my directory layout is as follows. login.jsp and InvalidLogin.jsp are in the root directory. There is 'jsps' directory which contains all the jsp files. inside 'jsps' there are two directories 'images' and 'css'. My Servlet and handler classes are in the standard directory, WEB-INF.

Thanks for your help, kennethxu!
 
kennethxu Commented:
I read your post line by line. Everything looks perfect, assuming your context path is /jonesbros.

I do have a question though: what is /tics? Is this a directory? Have you tried to access a simple JSP page, for example
http://localhost:7001/jonesbros/jsps/echo.jsp? You should get prompted for the login page and then redirected to the echo.jsp page. If that works, then tell me more about "/tics".

>> If I go back and try again ...
That's normal, because the access URL was saved in the session and removed as soon as login is successful; your 2nd try ends up in the default context root because there is no saved URL to forward to.
 
R_a_V_e_N Author Commented:
I solved my problem. I tried a less restrictive pattern: /tics rather than /*.

I looked at the access log and found that the reason why I was being redirected after my login to layout2.css was that this was a restricted file and this file was used for the login page. So the web server would want to fetch this file, but since it's restricted I would get forwarded to the login page, and hence after login I would get forwarded to it.

Thanks for your help, kennethxu!
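An added example, not part of the thread: a small audit of which paths each configuration protects, assuming the container applies the Servlet specification's best-match rule for `url-pattern` (exact, then longest path prefix, then extension, then default). The three web.xml fragments are constructed from the thread's settings; `EXEMPTED` is an assumed alternative that keeps `/*` protected and opens only the login page's static assets, and all function names are hypothetical. It shows that narrowing the constraint to `/tics` also leaves `/jsps/echo.jsp` reachable without a login.

```python
import xml.etree.ElementTree as ET

ROLES = "<auth-constraint><role-name>MOD</role-name></auth-constraint>"

def constraint(patterns, auth=ROLES):
    """Build one <security-constraint>; auth="" means no auth-constraint."""
    urls = "".join(f"<url-pattern>{p}</url-pattern>" for p in patterns)
    return (f"<security-constraint><web-resource-collection>{urls}"
            f"</web-resource-collection>{auth}</security-constraint>")

# Constructed web.xml fragments modelled on the thread's configuration.
ORIGINAL = f"<web-app>{constraint(['/*'])}</web-app>"
NARROWED = f"<web-app>{constraint(['/tics'])}</web-app>"
EXEMPTED = ("<web-app>" + constraint(["/*"])
            + constraint(["/jsps/css/*", "/jsps/images/*"], auth="") + "</web-app>")
PATHS = ["/tics", "/jsps/css/layout2.css", "/jsps/echo.jsp"]

def match_rank(pattern, path):
    """Return a rank (higher wins) if pattern matches path, else None."""
    if pattern == path:
        return (3, len(pattern))                  # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))               # longest prefix wins
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)                             # extension match
    return (0, 0) if pattern == "/" else None     # default mapping

def requires_login(web_xml, path):
    """True if the best-matching constraint carries an auth-constraint."""
    best = None
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        has_auth = sc.find("auth-constraint") is not None
        for pat in sc.iter("url-pattern"):
            rank = match_rank(pat.text.strip(), path)
            if rank is not None and (best is None or rank > best[0]):
                best = (rank, has_auth)
    return best is not None and best[1]

def audit(web_xml, paths=PATHS):
    """Map each context-relative path to whether it triggers the login."""
    return {p: requires_login(web_xml, p) for p in paths}

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("narrowed", NARROWED),
                      ("exempted", EXEMPTED)]:
        print(name, audit(cfg))
```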
 
kennethxu Commented:
Nice! Thanks for posting your finding. You can request your points refunded and PAQ the question.
 
kennethxu Commented:
I'll ask support to fix this. Will get your points back.
Question has a verified solution.
