Solved

j_security_check not found

Posted on 2004-09-01
11
2,547 Views
Last Modified: 2012-05-05
The requested resource (/resource/j_security_check) is not available.

I have added stuff in  server.xml and web.xml and tried with Login page when I entered user/pass its not reconigizing j_security_check and throwing the above error.

Can anyone help what / where should be j_security_check ???

Thx
0
Comment
Question by:princehyderabad
  • 6
  • 3
11 Comments
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11960284
The reason you are getting this message most likely is because you either don't have required entries in web.xml or are going directly to login.jsp page first, without trying to access a protected page. For some reason you can't go directly to login.jsp first, you have to be redirected there.

Try going to a page that is listed as protected in your deployment descriptor (web.xml).

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>standard</role-name>
</auth-constraint>
<user-data-constraint><transport-guarantee>
NONE</transport-guarantee></user-data-constraint>

<!-- Default login configuration uses form-based authentication -->

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/error.jsp</form-error-page>
</form-login-config>
</login-config>

In this particular entry, any url under the filesystem will be protected (since the /* means all files) and you will be redirected to the login.jsp page.

Good Luck
CodingExperts
0
 

Author Comment

by:princehyderabad
ID: 11976338
hi coding expert

I hv the same code which you wrote above but still I'm not getting thru?????????
Do I need to write j_security_check  SERVLET ? or its redefine serlvet in Tomcat smart enough to check itself ??
How the flow works when FORM is submitted can you explain.

Can you tell me from basic step how to set for this Authencation:

1. FORM calls j_security_check  upon submit ??  then what happens....
2. I have changed my WEB.XML as you said above but still not working....
3. I also added DB (Realm) setting in >>Tomcat>>Conf>>SERVER.XML, but still not working .....

Please help.

Regards
H
0
 
LVL 6

Expert Comment

by:CodingExperts
ID: 11979481
Can you first try with the form based authentication to see where really the problem lies ....

Look this is the part of web.xml present in $TOMCAT_HOME/webapps/jsp-examples in examples bundled with tomcat 5.0 wherein it has an example of security and has the following desciptor.

in the webaaps folder there is a /security/protected folder which contains : login.jsp;index.jsp and error.jsp
see the part of web.xml useful to u ..
..................................................................................................

<!--provide the correct JSPC servlet mapping .. -->
    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class>
    </servlet>

    <servlet>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
        <url-pattern>/security/protected/error.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
        <url-pattern>/security/protected/index.jsp</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
        <url-pattern>/security/protected/login.jsp</url-pattern>
    </servlet-mapping>

...........................................................................................................................

   <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
       <!-- If you list http methods, only those methods are protected -->
       <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
       <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/security/protected/login.jsp</form-login-page>
        <form-error-page>/security/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
       
    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>    
...........................................................................................................................

please see and respond in case of any problem ...

CodingExperts
0
 

Author Comment

by:princehyderabad
ID: 11999428
hi expert,

Yes I can see $tomcat>webapps>jsp-example>security>protected: has 3 jsp files (index, login, error)

When I tried this on browser,
http://localhost:8080/jsp-examples/security/protected/
it pop for user/pass ---- I tried tomcat/tomcat, admin/admin, manager/manager but nothing worked, it was always going to error page (invalide user/pass). Seems like it working in jsp-example folder, just I dont know the correct user/pass.

Anywaz this is my home structure (context):
http://localhost:8080/MSquaredWeb/resource/

here when I tried to the above URL, it pop for user/pass: when I enter tomcat/tomcat, the form action calls j_security_check and says file not found.
I replaced your above web.xml code as u said, also changed the folder names "/security/protected/" to my folder name "/resource/"

please let me how to get j_security_check worked.
0
 

Author Comment

by:princehyderabad
ID: 12002034
Hi codingexpert,

Ignore the above msg. I have finaly set few things and able to get j_security_check on my folder /resource/*

NOW HELP ME HERE:
http://localhost:8080/MSquaredWeb/resource/(Any file or folder)
its getting to Login Page, which is correct.

Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

This is my web.xml

<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>admin</role-name>                
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only 'tomcat' role is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>admin</role-name>
</security-role>

This is my Server.xml (Tomcat>>Conf>>server.xml)
...
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"
             connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"
                   userRoleTable="user_roles" roleNameCol="role_name" />
....

Thanks
H
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 6

Expert Comment

by:CodingExperts
ID: 12003899
Hi Prince,
did u enter the user user names in tomcat-users.xml. in <TOMCAT_HOME>/conf/.

sample tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="admin" password="nimda" fullName="CodingExperts" roles="admin,manager,role1,tomcat"/>
 </tomcat-users>
0
 

Author Comment

by:princehyderabad
ID: 12008737
My dear coding expert I already mentioned above that I tried user in tomcat-users.xml, but not geting validate....

>>Now when I entered username/password, its calling j_security_check and redirecting me to Error.html
>>I tried  tomcat/tomcat or admin/admin or any user/pass which is present in the Tomcat 5.0>>conf>>tomcat-users.xml  but still it throws me to Error.html please help me.

Thx
0
 

Author Comment

by:princehyderabad
ID: 12012033
Hey CodingExperts,

Here is the thing:

If I use this Realm in Server.xml Authencation (login page) is working:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"/>

If I use Realm Database in Server.xml it not working: ANYTHING WRONG IN BELOW CODE ?

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

OR DO i NEED TO MODIFY MY web.xml: See below and let me know.
.....
<security-constraint>
        <web-resource-collection>
                <web-resource-name>MyFirst</web-resource-name>
                <description> accessible by authenticated users of the tomcat role</description>
                <url-pattern>/resource/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
                <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
                <description>These roles are allowed access</description>
                <role-name>tomcat</role-name>
                <role-name>Administrator</role-name>                
                <role-name>Read Only</role-name>
        </auth-constraint>
</security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>MyFirst Protected Area</realm-name>
        <form-login-config>
                <form-login-page>/resource/login.jsp</form-login-page>
                <form-error-page>/resource/autherr.html</form-error-page>
        </form-login-config>
</login-config>

<security-role>
        <description>Only role below is allowed to access this web application</description>
        <role-name>tomcat</role-name>
        <role-name>Administrator</role-name>
       <role-name>Read Only</role-name>
       
</security-role>
.........
MY tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="login"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="Administrator"/> (this rolename present in database)
  <role rolename="Read Only"/> (this rolename present in database)
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="manager"/>
  <user username="a123" password="a123" roles="Administrator,tomcat,admin,manager"/>
</tomcat-users>

OVERALL SUITATION: My Authencation (j_security_check) is working when I type user= a123;  pass=a123 which is saved in the tomcat-users.xml but when I change my Realm setting (ie)
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgressql.Driver"  connectionURL="jdbc:postgresql://localhost/mmdb"  userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>
the login page asking user/pass, when I type  user= a123;  pass=a123  sending me to error page ofcourse bcoz this user/pass no in database. But then I try users of type Administrator and Ready Only present in the databse - table, its not accepting either and Redirecting me to Authentication Error Page which I created.  

Regards,
H
0
 

Author Comment

by:princehyderabad
ID: 12104466
     <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.postgresql.Driver"  
      connectionURL="jdbc:postgresql://10.7.100.80:5432/DBNAME"  
      connectionName="postgres" connectionPassword=""
      userTable="users" userNameCol="user_name" userCredCol="user_password"     userRoleTable="user_roles" roleNameCol="role_name"/>

I GOT ANSWER MYSELF THRU OTHER RESOURE.
0
 

Accepted Solution

by:
ee_ai_construct earned 0 total points
ID: 12414659
Question answered by asker or dialog valuable.
Closed, 150 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Moving applications to the cloud or switching services to cloud-based ones, is a stressful job.  Here's how you can make it easier.
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now