Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

form based j_security_check authentication

Posted on 2012-03-25
5
Medium Priority
?
857 Views
Last Modified: 2012-04-02
It has been around 2 years since I've had to configure an application that uses j_security_check for form-based authentication.

I've recently made some major changes to a database (split it into a cluster of databases) and changed table names, etc.

My login.html page contains this code:

<form method="POST" action="j_security_check">
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>

Open in new window


My server.xml file contains this part:

driverName="org.postgresql.Driver" connectionURL="jdbc:postgresql://localhost:5432/mydb?user=my_user&amp; password=my_password" digest="md5" userTable="user_t" userNameCol="username" userCredCol="password" userRoleTable="user_role_t" roleNameCol="role_name"/>

Open in new window


I've made changes to the server.xml file expecting NOT to be able to login.  For example, I've changed user_t to blah_t.  Then I restarted tomcat server (assuming this is necessary).  However, I can STILL login.

I'm not exactly sure why this is.  With my DB changes, I'm expecting to change userTable="user_t" to userTable="common.user_t".  But I don't want to begin work if I can't break this in the first place.

So, exactly how does tomcat j_security_check know which table to find the username for authentication if making changes to the above doesn't seem to affect my login?
0
Comment
Question by:mock5c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 37764544
can you check FormAuthenticator.java. you can know which user name and password it will take or refer
0
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 2000 total points
ID: 37765735
"FormAuthenticator.java" is not part of this question.

The real answer is in your settings.  In server.xml, the <Realm setting which references where your user logins are has to be associated with the <Host you are trying to log in as.  When you change the table name to something which doesn't exist, if you are changing the right thing, you will get a login error and you'll see a message something like the following in your logs:

SEVERE: Exception performing authentication
java.sql.SQLException: [Postgres] The Postgres database engine cannot find the input table or query 'blah_t'.

You have to restart Tomcat every time you change server.xml, so if you changed it, but didn't restart it, you won't see it behave like your changes.
0
 

Author Comment

by:mock5c
ID: 37790987
I got it working and I now know what the problem was.

The mind-boggling thing was that in my test environment, I could make the changes and got the expected behavior (could not log in when providing a table name that does not exist).  But in the production environment, I could change it to anything and still be able to log in.  It turned out that the conf files in the test environment that I changed were symbolically linked to /etc/tomcat6 directory but in the production environment, it was just copy of the server.xml and not symbolically linked to the actual file that need to be changed.

Anyway, thanks for explaining about <Realm and <Host setting and the fact that I must restart tomcat every time server.xml file is changed.
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 37791014
Thanks for posting back with the explanation of the problem.  I think it's part of what we do, confirm how things work, so that you can start looking for alternative explanations.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 37794976
:) .... i am not clearly understand the question ...  but gr8 by mrcoffee365 ...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Instead of error trapping or hard-coding for non-updateable fields when using QODBC, let VBA automatically disable them when forms open. This way, users can view but not change the data. Part 1 explained how to use schema tables to do this. Part 2 h…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question