princehyderabad
asked on
j_security_check not found
The requested resource (/resource/j_security_chec k) is not available.
I have added stuff in server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.
Can anyone help what / where should be j_security_check ???
Thx
I have added stuff in server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.
Can anyone help what / where should be j_security_check ???
Thx
ASKER
hi coding expert
I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.
Can you tell me from basic step how to set for this Authencation:
1. FORM calls j_security_check upon submit ?? then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML , but still not working .....
Please help.
Regards
H
I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.
Can you tell me from basic step how to set for this Authencation:
1. FORM calls j_security_check upon submit ?? then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML
Please help.
Regards
H
Can you first try with the form based authentication to see where really the problem lies ....
Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-e xamples in examples bundled with tomcat 5.0 wherein it has an example of security and has the following desciptor.
in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
.......................... .......... .......... .......... .......... .......... .......... .......... ..
<!--provide the correct JSPC servlet mapping .. -->
<servlet>
<servlet-name>org.apache.j sp.securit y.protecte d_.error_j sp</servle t-name>
<servlet-class>org.apache. jsp.securi ty.protect ed_.error_ jsp</servl et-class>
</servlet>
<servlet>
<servlet-name>org.apache.j sp.securit y.protecte d_.index_j sp</servle t-name>
<servlet-class>org.apache. jsp.securi ty.protect ed_.index_ jsp</servl et-class>
</servlet>
<servlet>
<servlet-name>org.apache.j sp.securit y.protecte d_.login_j sp</servle t-name>
<servlet-class>org.apache. jsp.securi ty.protect ed_.login_ jsp</servl et-class>
</servlet>
<servlet-mapping>
<servlet-name>org.apache.j sp.securit y.protecte d_.error_j sp</servle t-name>
<url-pattern>/security/pro tected/err or.jsp</ur l-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>org.apache.j sp.securit y.protecte d_.index_j sp</servle t-name>
<url-pattern>/security/pro tected/ind ex.jsp</ur l-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>org.apache.j sp.securit y.protecte d_.login_j sp</servle t-name>
<url-pattern>/security/pro tected/log in.jsp</ur l-pattern>
</servlet-mapping>
.......................... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protect ed Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/security/pro tected/*</ url-patter n>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http- method>
<http-method>GET</http-met hod>
<http-method>POST</http-me thod>
<http-method>PUT</http-met hod>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-na me>
<role-name>role1</role-nam e>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-me thod>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/security /protected /login.jsp </form-log in-page>
<form-error-page>/security /protected /error.jsp </form-err or-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-nam e>
</security-role>
<security-role>
<role-name>tomcat</role-na me>
</security-role>
.......................... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......
please see and respond in case of any problem ...
CodingExperts
Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-e
in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
..........................
<!--provide the correct JSPC servlet mapping .. -->
<servlet>
<servlet-name>org.apache.j
<servlet-class>org.apache.
</servlet>
<servlet>
<servlet-name>org.apache.j
<servlet-class>org.apache.
</servlet>
<servlet>
<servlet-name>org.apache.j
<servlet-class>org.apache.
</servlet>
<servlet-mapping>
<servlet-name>org.apache.j
<url-pattern>/security/pro
</servlet-mapping>
<servlet-mapping>
<servlet-name>org.apache.j
<url-pattern>/security/pro
</servlet-mapping>
<servlet-mapping>
<servlet-name>org.apache.j
<url-pattern>/security/pro
</servlet-mapping>
..........................
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protect
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/security/pro
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-
<http-method>GET</http-met
<http-method>POST</http-me
<http-method>PUT</http-met
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-na
<role-name>role1</role-nam
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-me
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/security
<form-error-page>/security
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-nam
</security-role>
<security-role>
<role-name>tomcat</role-na
</security-role>
..........................
please see and respond in case of any problem ...
CodingExperts
ASKER
hi expert,
Yes I can see $tomcat>webapps>jsp-exampl e>security >protected : has 3 jsp files (index, login, error)
When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.
Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/
here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"
please let me how to get j_security_check worked.
Yes I can see $tomcat>webapps>jsp-exampl
When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.
Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/
here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"
please let me how to get j_security_check worked.
ASKER
Hi codingexpert,
Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*
NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.
Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xm l but still it throws me to Error.html please help me.
This is my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFirst </web-reso urce-name>
<description> accessible by authenticated users of the tomcat role</description>
<url-pattern>/resource/*</ url-patter n>
<http-method>GET</http-met hod>
<http-method>POST</http-me thod>
<http-method>PUT</http-met hod>
<http-method>DELETE</http- method>
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>tomcat</role-na me>
<role-name>admin</role-nam e>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me thod>
<realm-name>MyFirst Protected Area</realm-name>
<form-login-config>
<form-login-page>/resource /login.jsp </form-log in-page>
<form-error-page>/resource /autherr.h tml</form- error-page >
</form-login-config>
</login-config>
<security-role>
<description>Only 'tomcat' role is allowed to access this web application</description>
<role-name>tomcat</role-na me>
<role-name>admin</role-nam e>
</security-role>
This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.cata lina.realm .JDBCRealm " debug="99" driverName="org.postgressq l.Driver"
connectionURL="jdbc:postgr esql://loc alhost/mmd b" userTable="users" userNameCol="user_name" userCredCol="user_password "
userRoleTable="user_roles" roleNameCol="role_name" />
....
Thanks
H
Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*
NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.
Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xm
This is my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFirst
<description> accessible by authenticated users of the tomcat role</description>
<url-pattern>/resource/*</
<http-method>GET</http-met
<http-method>POST</http-me
<http-method>PUT</http-met
<http-method>DELETE</http-
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>tomcat</role-na
<role-name>admin</role-nam
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me
<realm-name>MyFirst Protected Area</realm-name>
<form-login-config>
<form-login-page>/resource
<form-error-page>/resource
</form-login-config>
</login-config>
<security-role>
<description>Only 'tomcat' role is allowed to access this web application</description>
<role-name>tomcat</role-na
<role-name>admin</role-nam
</security-role>
This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.cata
connectionURL="jdbc:postgr
userRoleTable="user_roles"
....
Thanks
H
Hi Prince,
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.
sample tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1 ,tomcat"/>
</tomcat-users>
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.
sample tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="role1" password="tomcat" roles="role1"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1
</tomcat-users>
ASKER
My dear coding expert I already mentioned above that I tried user in tomcat-users.xml, but not geting validate....
>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xm l but still it throws me to Error.html please help me.
Thx
>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xm
Thx
ASKER
Hey CodingExperts,
Here is the thing:
If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.cata lina.realm .UserDatab aseRealm"/ >
If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?
<Realm className="org.apache.cata lina.realm .JDBCRealm " debug="99" driverName="org.postgressq l.Driver" connectionURL="jdbc:postgr esql://loc alhost/mmd b" userTable="users" userNameCol="user_name" userCredCol="user_password " userRoleTable="user_roles" roleNameCol="role_name"/>
OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFirst </web-reso urce-name>
<description> accessible by authenticated users of the tomcat role</description>
<url-pattern>/resource/*</ url-patter n>
<http-method>GET</http-met hod>
<http-method>POST</http-me thod>
<http-method>PUT</http-met hod>
<http-method>DELETE</http- method>
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>tomcat</role-na me>
<role-name>Administrator</ role-name>
<role-name>Read Only</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me thod>
<realm-name>MyFirst Protected Area</realm-name>
<form-login-config>
<form-login-page>/resource /login.jsp </form-log in-page>
<form-error-page>/resource /autherr.h tml</form- error-page >
</form-login-config>
</login-config>
<security-role>
<description>Only role below is allowed to access this web application</description>
<role-name>tomcat</role-na me>
<role-name>Administrator</ role-name>
<role-name>Read Only</role-name>
</security-role>
.........
MY tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="login"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="Administrator"/> (this rolename present in database)
<role rolename="Read Only"/> (this rolename present in database)
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="admin" roles="manager"/>
<user username="a123" password="a123" roles="Administrator,tomca t,admin,ma nager"/>
</tomcat-users>
OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123; pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.cata lina.realm .JDBCRealm " debug="99" driverName="org.postgressq l.Driver" connectionURL="jdbc:postgr esql://loc alhost/mmd b" userTable="users" userNameCol="user_name" userCredCol="user_password " userRoleTable="user_roles" roleNameCol="role_name"/>
the login page asking user/pass, when I type user= a123; pass=a123 sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.
Regards,
H
Here is the thing:
If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.cata
If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?
<Realm className="org.apache.cata
OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFirst
<description> accessible by authenticated users of the tomcat role</description>
<url-pattern>/resource/*</
<http-method>GET</http-met
<http-method>POST</http-me
<http-method>PUT</http-met
<http-method>DELETE</http-
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>tomcat</role-na
<role-name>Administrator</
<role-name>Read Only</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-me
<realm-name>MyFirst Protected Area</realm-name>
<form-login-config>
<form-login-page>/resource
<form-error-page>/resource
</form-login-config>
</login-config>
<security-role>
<description>Only role below is allowed to access this web application</description>
<role-name>tomcat</role-na
<role-name>Administrator</
<role-name>Read Only</role-name>
</security-role>
.........
MY tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="login"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="Administrator"/>
<role rolename="Read Only"/> (this rolename present in database)
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="admin" roles="manager"/>
<user username="a123" password="a123" roles="Administrator,tomca
</tomcat-users>
OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123; pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.cata
the login page asking user/pass, when I type user= a123; pass=a123 sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.
Regards,
H
ASKER
<Realm className="org.apache.cata lina.realm .JDBCRealm " debug="99" driverName="org.postgresql .Driver"
connectionURL="jdbc:postgr esql://10. 7.100.80:5 432/DBNAME "
connectionName="postgres" connectionPassword=""
userTable="users" userNameCol="user_name" userCredCol="user_password " userRoleTable="user_roles" roleNameCol="role_name"/>
I GOT ANSWER MYSELF THRU OTHER RESOURE.
connectionURL="jdbc:postgr
connectionName="postgres" connectionPassword=""
userTable="users" userNameCol="user_name" userCredCol="user_password
I GOT ANSWER MYSELF THRU OTHER RESOURE.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try going to a page that is listed as protected in your deployment descriptor (web.xml).
<security-constraint>
<web-resource-collection>
<web-resource-name>Protect
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-patte
<http-method>DELETE</http-
<http-method>GET</http-met
<http-method>POST</http-me
<http-method>PUT</http-met
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-nam
<role-name>standard</role-
</auth-constraint>
<user-data-constraint><tra
NONE</transport-guarantee>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-me
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/logi
<form-error-page>/jsp/erro
</form-login-config>
</login-config>
In this particular entry, any url under the filesystem will be protected (since the /* means all files) and you will be redirected to the login.jsp page.
Good Luck
CodingExperts