Solved

j_security_check not found

Posted on 2004-09-01
11
2,571 Views
Last Modified: 2012-05-05
The requested resource (/resource/j_security_check) is not available.

I have added stuff in  server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.

Can anyone help what / where should be j_security_check ???

Thx
0
Comment
Question by:princehyderabad
  • 6
  • 3
11 Comments
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11960284
The reason you are getting this message most likely is because you either don't have required entries in web.xml or are going directly to login.jsp page first, without trying to access a protected page. For some reason you can't go directly to login.jsp first, you have to be redirected there.

Try going to a page that is listed as protected in your deployment descriptor (web.xml).

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>standard</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>
NONE</transport-guarantee></user-data-constraint>

<!-- Default login configuration uses form-based authentication -->

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

In this particular entry, any url under the filesystem will be protected (since the /* means all files) and you will be redirected to the login.jsp page.

Good Luck
CodingExperts
0
 

Author Comment

by:princehyderabad
ID: 11976338
hi coding expert

I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check  SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.

Can you tell me from basic step how to set for this Authencation:

1. FORM calls j_security_check  upon submit ??  then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML, but still not working .....

Please help.

Regards
H
0
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11979481
Can you first try with the form based authentication to see where really the problem lies ....

Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-examples in examples bundled with tomcat 5.0 wherein it has an example of security and has the following desciptor.

in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
..................................................................................................

<!--provide the correct JSPC servlet mapping .. -->
    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <url-pattern>/security/protected/error.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <url-pattern>/security/protected/index.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <url-pattern>/security/protected/login.jsp</url-pattern>
    </servlet-mapping>

...........................................................................................................................

   <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
       <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/security/protected/login.jsp</form-login-page>
        <form-error-page>/security/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
       
    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>    
...........................................................................................................................

please see and respond in case of any problem ...

CodingExperts
0
 

Author Comment

by:princehyderabad
ID: 11999428
hi expert,

Yes I can see $tomcat>webapps>jsp-example>security>protected: has 3 jsp files (index, login, error)

When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.

Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/

here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"

please let me how to get j_security_check worked.
0
 

Author Comment

by:princehyderabad
ID: 12002034
Hi codingexpert,

Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*

NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.

Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

This is my web.xml

<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>admin</role-name>                
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only 'tomcat' role is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>admin</role-name>
</security-role>

This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"
             connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"
                   userRoleTable="user_roles" roleNameCol="role_name" />
....

Thanks
H
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 6

Expert Comment

by:CodingExperts
ID: 12003899
Hi Prince,
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.

sample tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1,tomcat"/>
 </tomcat-users>
0
 

Author Comment

by:princehyderabad
ID: 12008737
My dear coding expert I already mentioned above that I tried user in tomcat-users.xml, but not geting validate....

>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

Thx
0
 

Author Comment

by:princehyderabad
ID: 12012033
Hey CodingExperts,

Here is the thing:

If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>

If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>Administrator</role-name>                
                <role-name>Read Only</role-name>
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only role below is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>Administrator</role-name>
       <role-name>Read Only</role-name>
       
</security-role>
.........
MY tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="login"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="Administrator"/> (this rolename present in database)
  <role rolename="Read Only"/> (this rolename present in database)
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="manager"/>
  <user username="a123" password="a123" roles="Administrator,tomcat,admin,manager"/>
</tomcat-users>

OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123;  pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>
the login page asking user/pass, when I type  user= a123;  pass=a123  sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.  

Regards,
H
0
 

Author Comment

by:princehyderabad
ID: 12104466
     <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgresql.Driver"  
      connectionURL="jdbc:postgresql://10.7.100.80:5432/DBNAME"  
      connectionName="postgres" connectionPassword=""
      userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

I GOT ANSWER MYSELF THRU OTHER RESOURE.
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12414659
Question answered by asker or dialog valuable.
Closed, 150 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When we talk about DevOps toolchains, I sometimes wonder how many people really get what we’re talking about. I don’t know if it’s just semantics or tone or something else, but sometimes I think it just sounds like buzzword sausage. So it’s always …
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now