 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Struts - A MVC web framework | | Tomcat - JSP/Servlet container | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | | JSP - A mailing list about Java Server Pages specification and reference | |
Struts & Hibernate
|
|
|
| | Re: servlet mappings and security constraints with
j_security_check | Re: servlet mappings and security constraints with
j_security_check 2003-10-13 - By Matthew Do
Back
How do I delete my name from Tomcat use list? Because I am trying use TOMCAT
but it does not work well for me at this time.
Have a good day.
Matthew Do
Seattle City Light
matthew.do@(protected)
(206) 733 - 9022
>>> ahardy.struts@(protected) 10/13/03 09:26AM >>>
I am getting the familiar status 400 - invalid direct reference, and yet
I am absolutely not surfing to the login page myself.
This is the page I am on:
https://localhost:8443/mywebapp/registerdone.do
and this is the link I am using:
https://localhost:8443/mywebapp/private/editprofile.do
This mapping is protected by my security constraints (/private/) and so
tomcat invokes the j_security_check form, and on submission tomcat gives
me the 400 status invalid direct reference.
I have the login form and the login error form SSL encrypted.
It works fine for non-HTTPS links.
Here's the web.xml snippet:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL 4 Login</web-resource-name>
<url-pattern>/ssllogin.html</url-pattern>
<url-pattern>/sslerror.html</url-pattern>
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>BlackSailRealm</realm-name>
<form-login-config>
<form-login-page>/ssllogin.html</form-login-page>
<form-error-page>/sslerror.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
Does anyone know what I am doing wrong, or has seen this error too?
Thanks
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
|
|
|
