Solved

j_security_check not found

Posted on 2004-09-01
11
2,634 Views
Last Modified: 2012-05-05
The requested resource (/resource/j_security_check) is not available.

I have added stuff in  server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.

Can anyone help what / where should be j_security_check ???

Thx
0
Comment
Question by:princehyderabad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
11 Comments
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11960284
The reason you are getting this message most likely is because you either don't have required entries in web.xml or are going directly to login.jsp page first, without trying to access a protected page. For some reason you can't go directly to login.jsp first, you have to be redirected there.

Try going to a page that is listed as protected in your deployment descriptor (web.xml).

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>standard</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>
NONE</transport-guarantee></user-data-constraint>

<!-- Default login configuration uses form-based authentication -->

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

In this particular entry, any url under the filesystem will be protected (since the /* means all files) and you will be redirected to the login.jsp page.

Good Luck
CodingExperts
0
 

Author Comment

by:princehyderabad
ID: 11976338
hi coding expert

I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check  SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.

Can you tell me from basic step how to set for this Authencation:

1. FORM calls j_security_check  upon submit ??  then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML, but still not working .....

Please help.

Regards
H
0
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11979481
Can you first try with the form based authentication to see where really the problem lies ....

Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-examples in examples bundled with tomcat 5.0 wherein it has an example of security and has the following desciptor.

in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
..................................................................................................

<!--provide the correct JSPC servlet mapping .. -->
    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <url-pattern>/security/protected/error.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <url-pattern>/security/protected/index.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <url-pattern>/security/protected/login.jsp</url-pattern>
    </servlet-mapping>

...........................................................................................................................

   <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
       <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/security/protected/login.jsp</form-login-page>
        <form-error-page>/security/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
       
    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>    
...........................................................................................................................

please see and respond in case of any problem ...

CodingExperts
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:princehyderabad
ID: 11999428
hi expert,

Yes I can see $tomcat>webapps>jsp-example>security>protected: has 3 jsp files (index, login, error)

When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.

Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/

here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"

please let me how to get j_security_check worked.
0
 

Author Comment

by:princehyderabad
ID: 12002034
Hi codingexpert,

Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*

NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.

Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

This is my web.xml

<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>admin</role-name>                
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only 'tomcat' role is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>admin</role-name>
</security-role>

This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"
             connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"
                   userRoleTable="user_roles" roleNameCol="role_name" />
....

Thanks
H
0
 
LVL 6

Expert Comment

by:CodingExperts
ID: 12003899
Hi Prince,
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.

sample tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1,tomcat"/>
 </tomcat-users>
0
 

Author Comment

by:princehyderabad
ID: 12008737
My dear coding expert I already mentioned above that I tried user in tomcat-users.xml, but not geting validate....

>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

Thx
0
 

Author Comment

by:princehyderabad
ID: 12012033
Hey CodingExperts,

Here is the thing:

If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>

If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>Administrator</role-name>                
                <role-name>Read Only</role-name>
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only role below is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>Administrator</role-name>
       <role-name>Read Only</role-name>
       
</security-role>
.........
MY tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="login"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="Administrator"/> (this rolename present in database)
  <role rolename="Read Only"/> (this rolename present in database)
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="manager"/>
  <user username="a123" password="a123" roles="Administrator,tomcat,admin,manager"/>
</tomcat-users>

OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123;  pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>
the login page asking user/pass, when I type  user= a123;  pass=a123  sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.  

Regards,
H
0
 

Author Comment

by:princehyderabad
ID: 12104466
     <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgresql.Driver"  
      connectionURL="jdbc:postgresql://10.7.100.80:5432/DBNAME"  
      connectionName="postgres" connectionPassword=""
      userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

I GOT ANSWER MYSELF THRU OTHER RESOURE.
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12414659
Question answered by asker or dialog valuable.
Closed, 150 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Lamba in java 8 9 252
maven webservice projet error 6 80
Set up Wildfly 10 8 445
maven disable workspace resolution 1 38
Read our guide on how to survive being on-call.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question