I am using Tomcat 5.5 Form based authentication with JDBCRealm configured in
Tomcats server.xml.
When I login using the form I've developed, using a valid login name/pw (
one in my database ), all works as expected. When I enter a
username/password that is not in the database or has invalid permissions, as
expected, my error.jsp is displayed and allows me to redirect to the
login.jsp.
Basically, all works as expected except under the following circumstance:
Provide an invalid login, get the expected error screen and then enter a
valid login
The result is :
HTTP Status 404 - /Web_Demo/protected/j_security_check
Note that all works fine if I dont first enter an invalid login.
Directory structure is:
WebRoot
login.jsp
loginfail.jsp
notsecret.jsp
protected
topsecret.jsp
WEB-INF
web.xml
Files
===
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>
<display-name>Form Security with JDBC</display-name>
<description>
Form Security with JDBC
</description>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginfail.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>admin</role-name>
</security-role>
</web-app>
login.jsp
=====
<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>
<%--
The taglib directive below imports the JSTL library. If you uncomment it,
you must also add the JSTL library to the project. The Add Library... action
on Libraries node in Projects view can be used to add the JSTL 1.1 library.
--%>
<%--
<[EMAIL PROTECTED] uri="http://java.sun.com/jsp/jstl/core"; prefix="c"%>
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login Page</title>
</head>
<body>
<font size='5' color='blue'>Please Login</font><hr>
<form action='j_security_check' method='post'>
<table>
<tr>
<td>Name:</td>
<td><input type='text' name='j_username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' size='8'></td>
</tr>
</table>
<br>
<input type='submit' value='login'>
</form>
/body>
</html>
loginfail.jsp
======
<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>
<%--
The taglib directive below imports the JSTL library. If you uncomment it,
you must also add the JSTL library to the project. The Add Library... action
on Libraries node in Projects view can be used to add the JSTL 1.1 library.
--%>
<%--
<[EMAIL PROTECTED] uri="http://java.sun.com/jsp/jstl/core"; prefix="c"%>
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<title>Error!</title>
</head>
<body>
<p>
<font size='4' color='red'>
Username - Password validation error.
</p>
Click -start anchor tag- href='<%= response.encodeURL("login.jsp")
%>'>here -end anchor tag-
</body>
</html>
notsecret.jsp
========
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
I am not secret
</body>
</html>
topsecret.jsp
========
<%@ page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%
String path = request.getContextPath();
String basePath =
request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'MyJsp.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
This is my JSP page. <br>
</body>
</html>
server.xml
======
fragment from server.xml setting up JDBC realm
-----------------------------------------------------------------
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@localhost:1521:xe"
connectionName="ramrodConnection"
connectionPassword="connectionPassword"
userTable="user_auth" userNameCol="user_name"
userCredCol="password"
userRoleTable="user_roles" roleNameCol="role_name" />
--
View this message in context:
http://www.nabble.com/Tomcat-5.5-JDBC-Form-Authentication-tf3397086.html#a9458396
Sent from the Tomcat - Dev mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
