It has been around 2 years since I've had to configure an application that uses j_security_check for form-based authentication.
I've recently made some major changes to a database (split it into a cluster of databases) and changed table names, etc.
My login.html page contains this code:
<form method="POST" action="j_security_check">
<table border="0" cellspacing="5">
<td align="left"><input type="text" name="j_username"></td>
<td align="left"><input type="password" name="j_password"></td>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
My server.xml file contains this part:
driverName="org.postgresql.Driver" connectionURL="jdbc:postgresql://localhost:5432/mydb?user=my_user& password=my_password" digest="md5" userTable="user_t" userNameCol="username" userCredCol="password" userRoleTable="user_role_t" roleNameCol="role_name"/>
I've made changes to the server.xml file expecting NOT to be able to login. For example, I've changed user_t to blah_t. Then I restarted tomcat server (assuming this is necessary). However, I can STILL login.
I'm not exactly sure why this is. With my DB changes, I'm expecting to change userTable="user_t" to userTable="common.user_t".
But I don't want to begin work if I can't break this in the first place.
So, exactly how does tomcat j_security_check know which table to find the username for authentication if making changes to the above doesn't seem to affect my login?