Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2805
  • Last Modified:

j_security_check not found

The requested resource (/resource/j_security_check) is not available.

I have added stuff in  server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.

Can anyone help what / where should be j_security_check ???

Thx
0
princehyderabad
Asked:
princehyderabad
  • 6
  • 3
1 Solution
 
CodingExpertsCommented:
The reason you are getting this message most likely is because you either don't have required entries in web.xml or are going directly to login.jsp page first, without trying to access a protected page. For some reason you can't go directly to login.jsp first, you have to be redirected there.

Try going to a page that is listed as protected in your deployment descriptor (web.xml).

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>standard</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>
NONE</transport-guarantee></user-data-constraint>

<!-- Default login configuration uses form-based authentication -->

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

In this particular entry, any url under the filesystem will be protected (since the /* means all files) and you will be redirected to the login.jsp page.

Good Luck
CodingExperts
0
 
princehyderabadAuthor Commented:
hi coding expert

I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check  SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.

Can you tell me from basic step how to set for this Authencation:

1. FORM calls j_security_check  upon submit ??  then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML, but still not working .....

Please help.

Regards
H
0
 
CodingExpertsCommented:
Can you first try with the form based authentication to see where really the problem lies ....

Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-examples in examples bundled with tomcat 5.0 wherein it has an example of security and has the following desciptor.

in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
..................................................................................................

<!--provide the correct JSPC servlet mapping .. -->
    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <url-pattern>/security/protected/error.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <url-pattern>/security/protected/index.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <url-pattern>/security/protected/login.jsp</url-pattern>
    </servlet-mapping>

...........................................................................................................................

   <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
       <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/security/protected/login.jsp</form-login-page>
        <form-error-page>/security/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
       
    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>    
...........................................................................................................................

please see and respond in case of any problem ...

CodingExperts
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
princehyderabadAuthor Commented:
hi expert,

Yes I can see $tomcat>webapps>jsp-example>security>protected: has 3 jsp files (index, login, error)

When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.

Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/

here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"

please let me how to get j_security_check worked.
0
 
princehyderabadAuthor Commented:
Hi codingexpert,

Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*

NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.

Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

This is my web.xml

<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>admin</role-name>                
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only 'tomcat' role is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>admin</role-name>
</security-role>

This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"
             connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"
                   userRoleTable="user_roles" roleNameCol="role_name" />
....

Thanks
H
0
 
CodingExpertsCommented:
Hi Prince,
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.

sample tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1,tomcat"/>
 </tomcat-users>
0
 
princehyderabadAuthor Commented:
My dear coding expert I already mentioned above that I tried user in tomcat-users.xml, but not geting validate....

>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

Thx
0
 
princehyderabadAuthor Commented:
Hey CodingExperts,

Here is the thing:

If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>

If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>Administrator</role-name>                
                <role-name>Read Only</role-name>
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only role below is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>Administrator</role-name>
       <role-name>Read Only</role-name>
       
</security-role>
.........
MY tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="login"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="Administrator"/> (this rolename present in database)
  <role rolename="Read Only"/> (this rolename present in database)
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="manager"/>
  <user username="a123" password="a123" roles="Administrator,tomcat,admin,manager"/>
</tomcat-users>

OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123;  pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>
the login page asking user/pass, when I type  user= a123;  pass=a123  sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.  

Regards,
H
0
 
princehyderabadAuthor Commented:
     <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgresql.Driver"  
      connectionURL="jdbc:postgresql://10.7.100.80:5432/DBNAME"  
      connectionName="postgres" connectionPassword=""
      userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

I GOT ANSWER MYSELF THRU OTHER RESOURE.
0
 
ee_ai_constructCommented:
Question answered by asker or dialog valuable.
Closed, 150 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now