J_security_check error

We are tyring to deploy a simple application using form-based authentication
on iPlanet Application Server 6.0 SP 2. The login form shows up, however
regardless of userid/password entered we get the following error:
// on the screen
GX Error (GX2GX)
socket result code missing!!!
URL is trying to go to ...NASApp/myDir/j_security_check
// in the error log
[28/Jun/2001:16:20:29] warning ( 722): CrackRequestGuid reports: NameTrans
lookup failed for {Applogic Servlet watch_j_security_check}
Our login page is:
form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="login">
</form>
We were using the GUI deployment tool and were following the manual.
Can anyone help me?
Thanks ...
Pino.

Just check your registry under the key
SOFTWARE/iPlanet/ApplicationServer/6.0/J2eeModule/<your-war-module> ..
Here check the auth-method key. It should contain the word FORM in caps. If it
is in small or mixed case, the the application will fail. Change it to FORM.
Also check the "login-config" key here. It should also display the word Form in
caps.
You can do this and run the application again. Make sure you restart the
web-server.
Irfan Ahmed.
"Caracciolo, Pino [CRK:P914:EXCH]" wrote:
We are tyring to deploy a simple application using form-based authentication
on iPlanet Application Server 6.0 SP 2. The login form shows up, however
regardless of userid/password entered we get the following error:
// on the screen
GX Error (GX2GX)
socket result code missing!!!
URL is trying to go to ...NASApp/myDir/j_security_check
// in the error log
[28/Jun/2001:16:20:29] warning ( 722): CrackRequestGuid reports: NameTrans
lookup failed for {Applogic Servlet watch_j_security_check}
Our login page is:
form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="login">
</form>
We were using the GUI deployment tool and were following the manual.
Can anyone help me?
Thanks ...
Pino.

Similar Messages

J_security_check / Error 404

Hi,
I am trying to modify an application that works with Apache and Tomcat server.
I tried to add basic form authentication, but when I enter a login-name/password I get an HTTP 404 Error about the requested page, that it was not found.
Here are my web.xml and logon.jsp files:
======================== web.xml ========================
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"webapps/rosettanet/WEB-INF/web-app_2_2.dtd">
<web-app>

<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/RnsttHome.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/logon.jsp</form-login-page>
<form-error-page>/logonError.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>customer</role-name>
</security-role>
<welcome-file-list>
<welcome-file>
RnsttHome.jsp
</welcome-file>
</welcome-file-list>
</web-app>
=======================================================
======================== logon.jsp =======================
<%@ page contentType="text/html" %>
<%-- Log-In Page --%>
<html>
<head><title></title></head>
<center>
<h3>This is a login page.</h3>
<br><br><form action="j_security_check" method=post>
<table>
<tr>
<td align="center">
<table border="0">
<tr>
<td><b>Enter your name: </b></td>
<td><input type="text" size="15" name="j_username"></td>
</tr>
<tr>
<td><b>Enter your password: </b></td>
<td><input type="password" size="15" name="j_password"></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Submit"></td>
</tr>
<tr>
<td><br></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</center>
</html>
=======================================================
Tomcat is version 3.2 and Apache is version 1.3.19
The application is located inside Tomcat, folder webapps.Any suggestions or ideas?I honestly don't know how to solve this problem.I looked at other similar threads but none of the suggestions or solutions posted work for my case...
Arapakis Giannis
IT-Postgraduate Student

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
what do you get when you enter in an invalid username/password - your logonError.jsp? page
How do you access this page - is your destination page available, and working?
I take it you are trying to access /RnsttHome.jsp
Check the spelling of your URL - maybe try accessing another file under securlty to see if that one works?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- It doesn't really matter whether I enter a correct username/password or an invalid one, cause I get the 404 Error. I am not re-directed to the logonError.jsp at all. I can only see that the browser is looking for J_security_check...at least that's what is written on the url when I get the 404 error.
e.g.
http://localhost/myapplication/j_security_check
-- The destination page is RnsttHone.jsp and it is working fine.I don't think that this is the problem.
-- I have tried accessing other files as well.That's not the problem.They all have the same problem with j_security_check...
Arapakis Giannis

J_security_check error 404 login twice.

Hi, i encountered a problem with authentication based on form and containter. I have a login.xhtml (later mapped to login.jsf) page that contains:
<form action="j_security_check" method="post">
                        <div style="clear: both">
                            User:
                            <input type="text" name="j_username" size="25" class="textfield" tabindex="1"></input>
                            <input type="reset" value="Reset" class="button" tabindex="4"></input>
                        </div>
                        <div style="clear: both">
                            Password:
                            <input type="password" size="25" name="j_password" class="textfield" tabindex="2"></input>
                            <input type="submit" value="Submit" class="button" tabindex="3"></input>
                        </div>
                    </form>The authorisation is based on LDAP. The problem is when i open this login page in two separate tabs in the same browser. I log in to restricted page in the first tab, everything is ok. But when i try to log in in the second tab while still being logged in the first tab, i get error 404 service not available. Any ideas how to deal with such situation?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
what do you get when you enter in an invalid username/password - your logonError.jsp? page
How do you access this page - is your destination page available, and working?
I take it you are trying to access /RnsttHome.jsp
Check the spelling of your URL - maybe try accessing another file under securlty to see if that one works?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- It doesn't really matter whether I enter a correct username/password or an invalid one, cause I get the 404 Error. I am not re-directed to the logonError.jsp at all. I can only see that the browser is looking for J_security_check...at least that's what is written on the url when I get the 404 error.
e.g.
http://localhost/myapplication/j_security_check
-- The destination page is RnsttHone.jsp and it is working fine.I don't think that this is the problem.
-- I have tried accessing other files as well.That's not the problem.They all have the same problem with j_security_check...
Arapakis Giannis

J_security_check & error pages

I've inherited an app that utilizes j_security_check and everything works fine. I am trying to find a way to have multiple error pages (or allow the current error page to be customized), depending on the reason for the login failure. It seems you can only specify one error page in web.xml (is this correct?). Can you extract any information from the server (we're using Jboss2.2.1-Tomcat3.2.1) about why the login failed?
Thanks

Assuming you are talking about the form-error-page tag,...
Even though you can specify one resource here, in the code that sits behind that resource, you could do many different things. Right ? For example, if that resource is set to map to a JSP, in that JSP, you could forward to one of different JSPs in turn. Is that in line with what you were/are trying to do ?

Problem with j_security_check - Error 404

Hi,
I am trying to modify an application that works with Apache and Tomcat server.
I tried to add basic form authentication, but when I enter a login-name/password I get an HTTP 404 Error about the requested page, that it was not found.
Here are my web.xml and logon.jsp files:
======================== web.xml ========================
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"webapps/rosettanet/WEB-INF/web-app_2_2.dtd">
<web-app>

<security-constraint>
     <display-name>SecurityConstraint</display-name>
     <web-resource-collection>
          <web-resource-name>STK</web-resource-name>
          <url-pattern>/RnsttHome.jsp</url-pattern>
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
     </web-resource-collection>
     <auth-constraint>
          <role-name>customer</role-name>
     </auth-constraint>
     <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
     </user-data-constraint>
</security-constraint>
<login-config>
     <auth-method>FORM</auth-method>
     <realm-name>file</realm-name>
     <form-login-config>
          <form-login-page>/logon.jsp</form-login-page>
          <form-error-page>/logonError.jsp</form-error-page>
     </form-login-config>
</login-config>

<security-role>
     <role-name>customer</role-name>
</security-role>
<welcome-file-list>
     <welcome-file>
          RnsttHome.jsp
     </welcome-file>
</welcome-file-list>
</web-app>
=======================================================
======================== logon.jsp =======================
<%@ page contentType="text/html" %>
<%-- Log-In Page --%>
<html>
<head><title></title></head>
<center>
<h3>This is a login page.</h3>
<br><br><form action="j_security_check" method=post>
<table>
<tr>
<td align="center">
<table border="0">
<tr>
<td><b>Enter your name: </b></td>
<td><input type="text" size="15" name="j_username"></td>
</tr>
<tr>
<td><b>Enter your password: </b></td>
<td><input type="password" size="15" name="j_password"></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Submit"></td>
</tr>
<tr>
<td><br></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</center>
</html>
=======================================================
I also noticed the following messages in the mod_jk.log
=======================================================
[jk_ajp12_worker.c (596)]: ajpv12_handle_response, error writing back to server
[jk_ajp12_worker.c (596)]: ajpv12_handle_response, error writing back to server
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (596)]: ajpv12_handle_response, error writing back to server
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_ajp12_worker.c (498)]: ajpv12_handle_response, error reading header line
[jk_connect.c (143)]: jk_open_socket, connect() failed errno = 61
[jk_ajp12_worker.c (152)]: In jk_endpoint_t::service, Error sd = -1
[jk_ajp12_worker.c (517)]: ajpv12_handle_response, no value supplied
=======================================================
I know for sure that Tomcat is configured to handle all the .jsp pages. This is mod_jk.conf-auto
=======================================================
JkMount /*.jsp ajp12
JkMount /servlet/* ajp12
=======================================================
The application is located inside Tomcat folder webapps.Any suggestions or ideas?I honestly don't know how to solve this problem.I looked at other similar threads but none of the suggestions or solutions posted work for my case...
Arapakis Giannis
IT-Postgraduate Student

No, that's not the problem.I am sure that it finds the pages "logon.jsp" and "logonError.jsp".There is no need to remove the "/".
The problem is that after I am redirected to the logon.jsp and enter a login-name/password I press the submit button and then I get the 404 error.
Have you configured Apache to recognise the "j_security_check" URL to be forwarded to Tomcat appropriately? It probably does not do this by default.
That might be the problem.Could you please tell me how to check if Apache is configured appropriately?Which configuration file should I check and for what parameter should I look for?

J_security_check internal server error.

Did somebody experienced this error? and what is the solution?
Thanks. I using WL 6 sp1 on NT server 4.
1- I created a user 'xena' in WL console; note: 'xena' does not belong to the
WL Administrators group
2- I created an application with the following web.xml and i war it and deploy
it. The web.xaml content is included below.
I connect through the browser i get the login page. I enters the correct credentials
for 'xena'; i got redirected to the
LoginError.jsp page. I re-enter the correct credentials in the
LoginError.jsp I get the following error page:
http://someip:7001/csearch/j_security_check
Error 500--Internal Server Error
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.5.1 500 Internal Server Error
The server encountered an unexpected condition which prevented it from fulfilling
the request.
The web.xml file contents:
<?xml version="1.0" ?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 1.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<welcome-file-list>
<welcome-file>NewUser.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name> MySecureBit0 </web-resource-name>
<description>no description </description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRDBMS Realm</realm-name>
<form-login-config>
<form-login-page>Login.jsp</form-login-page>
<form-error-page>LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>

Are you still running into this issue?
Also, please note that we recently released a new version of Oracle Help, version 5.0, available here:
http://www.oracle.com/technology/tech/java/help/index.html
Regards, Maria

J_security_check causing 404 Error

<b>Hello All<BR>
I am using Weblogic 8.1 SP3, I am trying to use the Active Directory as a means for Authentication via a FORM based login-module. <BR>
I have followed the directions in the Weblogic Security documentation but I am getting a 404 Error when I submit the login form. It looks like that my configuration does not recognize the j_security_check. I don't know what is missing in my configuration. It is just a plain simple Weblogic Server domain. <BR>
I have pasted my web.xml, weblogic.xml, config.xml and login.html file. I would appreciate any help in this regards.<BR>
Thanks in advance<BR>
Rajeev Bhogal <BR></b>------------------------------------------------<BR>
<b>Web.xml</b><BR>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
     <welcome-file-list>
          <welcome-file>welcome.jsp</welcome-file>
     </welcome-file-list>
     <security-constraint>
          <web-resource-collection>
               <web-resource-name>welcomePage</web-resource-name>
               <description>
                    The Welcome Page and all other resources
               </description>
               <url-pattern>/*</url-pattern>
               <http-method>GET</http-method>
<http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
               <role-name>COSTWebAppUser</role-name>
          </auth-constraint>
     </security-constraint>
     <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>default</realm-name>
          <form-login-config>
               <form-login-page>login.html</form-login-page>
               <form-error-page>login-invalid.jsp</form-error-page>
          </form-login-config>
     </login-config>
     <security-role>
          <description>The Cost Web App users</description>
          <role-name>COSTWebAppUser</role-name>
     </security-role>
</web-app>
---------------------------------------------------<BR>
<b>Weblogic.xml</b><BR>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE weblogic-web-app
PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN"
"http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd" >
<weblogic-web-app>
     <security-role-assignment>
          <role-name>COSTWebAppUser</role-name>
          <principal-name>WebAppUser_group</principal-name>
     </security-role-assignment>
     <container-descriptor>
          <check-auth-on-forward/>
     </container-descriptor>
     <context-root>cost</context-root>
</weblogic-web-app>
-------------------------------------------------<BR>
<b>Config.xml</b><BR>
<?xml version="1.0" encoding="UTF-8"?>
<Domain ConfigurationVersion="8.1.3.0" Name="cost">
<Server ExpectedToRun="false" ListenAddress="" ListenPort="7002"
Name="costserver" NativeIOEnabled="true"
ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.3.0">
<SSL Enabled="false" HostnameVerificationIgnored="false"
IdentityAndTrustLocations="KeyStores" Name="costserver"/>
</Server>
<JMSFileStore Directory="rmfilestore" Name="FileStore"/>
<WSReliableDeliveryPolicy DefaultRetryCount="10"
DefaultTimeToLive="60000" Name="RMDefaultPolicy" Store="FileStore"/>
<Security Name="cost" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true">
<weblogic.security.providers.authentication.DefaultAuthenticator
ControlFlag="SUFFICIENT"
Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.DefaultIdentityAsserter
ActiveTypes="AuthenticatedUser"
Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultRoleMapper
Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAuthorizer
Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAdjudicator
Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.credentials.DefaultCredentialMapper
Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
<weblogic.management.security.authentication.UserLockoutManager
Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
<weblogic.management.security.Realm
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmActiveDirectoryAuthenticator|Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true" DisplayName="myrealm"
Name="Security:Name=myrealm"
RoleMappers="Security:Name=myrealmDefaultRoleMapper" UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT"
Credential="{3DES}wC2qC6JGP2Ejslt9YBUQXA=="
GroupBaseDN="OU=WebApp Testing,DC=dna,DC=tcorp,DC=cibcwm,DC=com"
Host="10.127.30.77"
Name="Security:Name=myrealmActiveDirectoryAuthenticator"
Principal="CN=costadmin,CN=Users,DC=dna,DC=tcorp,DC=cibcwm,DC=com"
Realm="Security:Name=myrealm" UserBaseDN="CN=Users,DC=dna,DC=tcorp,DC=cibcwm,DC=com"/>
</Security>
<EmbeddedLDAP
Credential="{3DES}itnOzBVUKKxXTwrsE0931yGJo8kr/c/yoacbH+aqD78=" Name="cost"/>
<SecurityConfiguration
Credential="{3DES}UAu57FhReq0paDOgNlRBxIhitxG70lwKu8FLhEvrneZRBFWCPi0gViZCPB3Qx5h09H7cef7V6Y9MXlPAv9Zgx9lz/j2w8BXL"
Name="cost" RealmBootStrapVersion="1"/>
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<JMSServer Name="WSStoreForwardInternalJMSServercostserver"
Store="FileStore" Targets="costserver">
<JMSQueue CreationTime="1153845019403"
JNDIName="jms.internal.queue.WSStoreForwardQueue"
JNDINameReplicated="false" Name="WSInternaljms.internal.queue.WSStoreForwardQueuecostserver"/>
<JMSQueue CreationTime="1153845019840"
JNDIName="jms.internal.queue.WSDupsEliminationHistoryQueue"
JNDINameReplicated="false" Name="WSInternaljms.internal.queue.WSDupsEliminationHistoryQueuecostserver"/>
</JMSServer>
<Application Name="cost" Path="H:\eclipse\workspace\cost"
StagingMode="nostage" TwoPhase="true">
<WebAppComponent Name="WebRoot" Targets="costserver" URI="WebRoot"/>
</Application>
</Domain>

Hi Brian;
From the error we see " http://server:7001/coolapp/messagebroker/amf'". It seems you are trying to access the flex app over https but access the backend remote servce via http.
If that is the case, I have an old blog post that may help in that situation. http://blogs.adobe.com/lin/archives/2008/04/how_to_access_f.html
If that is not what you are trying to do, or your issue is more compilcated, please open a support case if you have a support contract.

J_security_check 404 error Please please help me

I am new to this forum although I have been lurking around for while:)
I have a question about j_security_check.
I am working in Apache Tomcat server and I want to set up form based authentication. So I used j_security_check and I get an error 404 j_security_check page not found.
I am not sure how this is supposed to work.
1. Am I supposed to load the secured pages before I login and j_security_check should send me to the login.jsp page?
Or should I start with teh login.jsp page and if my login is incorrect, then I cannot load any page? (until I login correctly)
I always get 404 j_sedurity_check not found when I try to click submit button in login.jsp page and when I try to open other pages (even without login) I am able to open.
Can you please help me?
Should I register j_security_check in web.xml, if yes, please tell me how and give me a sample, please........
Here's my code:
web.xml
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/logi</form-login-config>
</login-config>
I am in the list of user in tocat-users.xml
My login.jsp
<form action="Servlet.j_security_check" method="POST">
<center>
<table cellpadding=4 cellspacing=2 border=0>
<th bgcolor="#CCCCFF" colspan=2>
<font size=5>Business Owner Login</font>
<br>
<font size=1><sup>*</sup> Required Fields</font>
</th>
<tr bgcolor="Aqua">
<td valign=top>
<b>User ID<sup>*</sup></b>
<br>
<td valign=top>
<input type="text" name="j_username"></td>
<td valign=top>
<b>Password<sup>*</sup></b>
<br>
<td valign=top>
<input type="password" name="j_password" value="" size=15 maxlength=20></td>
<td valign=top>
</tr>
<tr bgcolor="#c8d8f8">
<td align=center colspan=2>
<input type="submit" value="Log In">
</td>
</tr>
</TABLE>
</BODY>
</HTML>

I had the same problem. I believe the problem lies
in your url-pattern.
The xml file cannot parse "*.jsp" so try doing
something like /*
I am new to this forum although I have beenlurking
around for while:)
I have a question about j_security_check.
I am working in Apache Tomcat server and I want to
set up form based authentication. So I used
j_security_check and I get an error 404
j_security_check page not found.
I am not sure how this is supposed to work.
1. Am I supposed to load the secured pages beforeI
login and j_security_check should send me to the
login.jsp page?
Or should I start with teh login.jsp page and ifmy
login is incorrect, then I cannot load any page?
(until I login correctly)
I always get 404 j_sedurity_check not found when I
try to click submit button in login.jsp page andwhen
I try to open other pages (even without login) Iam
able to open.
Can you please help me?
Should I register j_security_check in web.xml, if
yes, please tell me how and give me a sample,
please........
Here's my code:
web.xml
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/*.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/logi</form-login-config>
</login-config>
I am in the list of user in tocat-users.xml
My login.jsp
<form action="Servlet.j_security_check"
method="POST">
<center>
<table cellpadding=4 cellspacing=2 border=0>
<th bgcolor="#CCCCFF" colspan=2>
<font size=5>Business Owner Login</font>
<br>
<font size=1><sup>*</sup> Required Fields</font>
</th>
<tr bgcolor="Aqua">
<td valign=top>
<b>User ID<sup>*</sup></b>
<br>
<td valign=top>
<input type="text" name="j_username"></td>
<td valign=top>
<b>Password<sup>*</sup></b>
<br>
<td valign=top>
<input type="password" name="j_password" value=""
size=15 maxlength=20></td>
<td valign=top>
</tr>
<tr bgcolor="#c8d8f8">
<td align=center colspan=2>
<input type="submit" value="Log In">
</td>
</tr>
</TABLE>
</BODY>
</HTML>
Hi, Thanks. That works. I changed *.jsp tp \* and it works. Thanks.
Now I have another error:
When I load any page, it takes to login.jsp and I enter the user id and password and if it is correct, it takes me to some image (this is one of the images in the images folder that I have). I have no clue why it goes to that always, when login is successful. It doesn't go to the originally requested page.
What do I have tyo set up to make that happen (meaning if I start with one_two.jsp, it takes me to login.jsp and after I login, I want one_two.jsp to come automatically? How to do that?)
Thanks in advance.

J_security_check - custom error page

Hi all,
I've successfully run jazndemo - callerInfo sample from
Oracle 9iAS and OC4J - version 9.0.3
I then modified web.xml to use FORM-based auth,
instead of BASIC auth.
I utilize j_security_check for this purpose.
FYI:
- I use JAZNUserManager with XML (jazn-data.xml)
- My browser is IE ver 5.0
- I use OC4J 9.0.3.0.0
This is the excerpt of my web.xml:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>login.html</form-login-page>
<form-error-page>error.html</form-error-page>
</form-login-config>
</login-config>
It does run properly when I supplied correct userId and
correct password, BUT if I supplied wrong UserId and/or
password, OC4J ALWAYS display generic 403 (Forbidden) page !!
Is it a bug?? It should display error.html instead.
Please give me a hand on this, this thing really
frustrate me..
Any pointer would be a great help,
Thanks in advance,
--fadly

After I re-read the post to make some sense out of it I have to add
I have already added the drop down but how can I retrieve what is being selected after user presses login button

Errors or exception in j_security_check?

Can I capture any error or exception in a error page with the j_security_check?
For example, when the login, the pass or the role are failed.
Thanks!!

Yes you can capture error or exception with j_security_check by defining
<form-error-page>/MyErrorPage.jsp</form-error-page>
but not clear with what you mean to ask in example.

Error 403-forbidden from IE5 while authenticating a user through NT Realm

Hi,
Before posting this request, I checked the forum until Sep.18 to see if nobody
else experienced my problem, but in vain.
I am using WLS6.1Sp1 under NT4
I would like that NT users for defined NT Primary Domain Controller authenticate
themselves before accessing a web app. For that, I followed thoroughly the BEA
Doc to get the config.xml, web.xml, weblogic.xml and filerealm.properties correctly
configured.
The <auth-method> is set to FORM. The <security-role> and <security-role-assignment>
are also set with business roles and principals from the NT PDC. the <security-constraint>
with all the sub-tags are also defined. etc.etc. When I use the WL console, to
check users and groups lists, it works fine although it takes a lot of time before
being displayed (15 to 20 minutes !!!).
Through a Login.jsp, the user enters his/her login name and password. The result
is that I get the following message :
"Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization
will not help and the request SHOULD NOT be repeated. If the request method was
not HEAD and the server wishes to make public why the request has not been fulfilled,
it SHOULD describe the reason for the refusal in the entity. This status code
is commonly used when the server does not wish to reveal exactly why the request
has been refused, or when no other response is applicable."
No trace in the log files. No warning . Nothing.
My questions are:
1- Has somebody already experienced this?
2- Could you then help me ?
By advance , thank you very much.
Athmani H.
Note : I can provide you through email the config.xml, web.xml, weblogic.xml and
filerealm.properties and the concerned .jsp files on demand

Hi Jerry,
Many thanks for your interest and your help.
weblogic.properties file for WLS 6.1 SP1? There is none... I do have a filerealm.properties. I didn't state that I was using a weblogic.properties
file.
I checked the URL you proposed. I changed the <Auth-method> from FORM into BASIC.
A pop-up window is displayed requesting the user to enter username and password.
The result is that I get a web page displaying an Error 404 --not found.
Here is the complete error message :"Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given
of whether the condition is temporary or permanent.If the server does not wish
to make this information available to the client, the status code 403 (Forbidden)
can be used instead. The 410 (Gone) status code SHOULD be used if the server knows,
through some internally configurable mechanism, that an old resource is permanently
unavailable and has no forwarding address."
The message is displayed when the browser tries to resolve the following URL :http://localhost:7001/examplesWebApp/j_security_check
Having said that, I had already configured the <security-role-assignement> with
role-name and principals in weblogic.xml, as well as the <security-role> tag in
web.xml.
Thanks for your help
Cheers
Habib
Jerry <[email protected]> wrote:
Hi Athmani,
weblogic.properties file for WLS 6.1 SP1? There is none... weblogic.properties
is in WebLogic
5.1 and lower -- it was changed to config.xml for WLS 6.0 .. what are
you using your
weblogic.properties file for?
Anyways,
I have gotten NTRealms to successfully work with WLS 6.1, with security
on a web app, allowing
NT users to access certain resources. This stuff works.
Since you can see your users and groups through the console (even though
it takes a while) I
think that your NTRealm setup is okay.
I would guess that you have a problem with your deployment descriptors
in your web
application.
There are quite a few posts in this newsgroup that illustrate how to
set up security
constraints on resources in your web app with the deployment descriptors.
For example, check out
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.security&item=6244&utag=
Let me know how it goes, okay?
Cheers,
Joe Jerry
"Athmani H." wrote:
Hi,
Before posting this request, I checked the forum until Sep.18 to seeif nobody
else experienced my problem, but in vain.
I am using WLS6.1Sp1 under NT4
I would like that NT users for defined NT Primary Domain Controllerauthenticate
themselves before accessing a web app. For that, I followed thoroughlythe BEA
Doc to get the config.xml, web.xml, weblogic.xml and filerealm.propertiescorrectly
configured.
The <auth-method> is set to FORM. The <security-role> and <security-role-assignment>
are also set with business roles and principals from the NT PDC. the<security-constraint>
with all the sub-tags are also defined. etc.etc. When I use the WLconsole, to
check users and groups lists, it works fine although it takes a lotof time before
being displayed (15 to 20 minutes !!!).
Through a Login.jsp, the user enters his/her login name and password.The result
is that I get the following message :
"Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization
will not help and the request SHOULD NOT be repeated. If the requestmethod was
not HEAD and the server wishes to make public why the request has notbeen fulfilled,
it SHOULD describe the reason for the refusal in the entity. This statuscode
is commonly used when the server does not wish to reveal exactly whythe request
has been refused, or when no other response is applicable."
No trace in the log files. No warning . Nothing.
My questions are:
1- Has somebody already experienced this?
2- Could you then help me ?
By advance , thank you very much.
Athmani H.
Note : I can provide you through email the config.xml, web.xml, weblogic.xmland
filerealm.properties and the concerned .jsp files on demand

Intermittent Indirect REference to login page error

Hello,
I am building a small web app in a mixed (java/microsoft) environment. We have no budget for a purchased single sign on solution, so I built one with the following architecture:
ASP page with integrated windows security, this simply returns to the url passed in as'URL' the clients current logon name.
This ASP page is called by the IntranetSSOServlet, which then builds and submit the vanilla logon page. This servlet is my logon page, it simply posts it's URL to the ASP page, and if a return is posted from ASP, the logon page is bult and submitted. The IntranetSSOServlet also sets a session variable called user to the current user's windows login.
I have two secure files, these are .jsp passthrough pages (since accessing the servlet directly did not appear to trip the security requirement and call the logon request from the server, so no users were ever in any roles). These are simple pages with a javascript redirect to the two servlets, and the jsp is only used because the servlets do not seem to trip the security requirement in the App server.
On my machine this works with no issues, single sign on is a success and all is well, on the machine next to mine it works fine also. However, on several client machines, I keep getting an invalie direct reference to login page.
My question is this:
Does anyone see any major issues with the architecture which are causing this?
It appears that the browser on some clients is attempting to go 'Back'. Is this a standard function of any software packages (spyware, internet tracking software, etc.?)
I am building with Netbeans 5.0, running Embedded Tomcat 5.5.9 and the pages are all accessed via windows XP/IE 6
Again, whats weird is that this works fine on several workstations, but throws the invalid direct reference to login on others...
I am quite confused.
Code to follow:
IntranetSSOServlet
if(request.getParameter("user") != null)
HttpSession session = request.getSession(true);
session.setAttribute("user",request.getParameter("user"));
//If SSO submission has returned a validated user name
//out.println(request.getParameter("user"));
//post this name and the default password to the logon
//This servlet will become the logon page, which will handle the redirects easier
out.println("<form METHOD=\"POST\" name = \"form\" action=\"../Intranet-WebModule/j_security_check\">");
//Generate a div to hide all of the input fields
out.println("<div style=\"display:;\">");
out.println("<input type=\"text\" name=\"j_username\" value=\""+request.getParameter("user")+"\"/>");
out.println("<input type=\"password\" name=\"j_password\" value=\"sas\"/></div>");
out.println("<input type=\"submit\" value=\"Submit\"/></div>");
request.getSession().setAttribute("user",request.getParameter("user"));
//out.println("<input type=\"submit\"></form>");
out.println("</form><script language=\"javascript\">//form.submit();</script>");
else
//call the SSO submission page
out.write("<script language=\"javascript\">location.replace(\"http://HOSTNAME/SSO/SSO.asp?URL="+lookupIntranetGlobalsBean().getJSPSiteRoot()+"IntranetSSOServlet\");</script>");
out.close();
This Servlet simply returns from the ASP a string (the user's logon) and then creates the post page, which posts a single dummy password to the app server
JSP passthrough page (secured resource)
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%--
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
--%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
</head>
<body>
<script language="javascript">
location.replace('http://HOSTNAME:8080/Intranet-WebModule/HRTools/newEmployeeAccountServlet');
</script>
</body>
</html>

Another try besides
     <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>userDatabase</realm-name>
        <form-login-config>
            <form-login-page>/pages_public/login.jsp</form-login-page>
            <form-error-page>/pages_public/loginError.jsp</form-error-page>
        </form-login-config>
    </login-config>is that I try to handle the error code in the web.xml with
<error-page>
     <error-code>400</error-code>
     <location>/error.jsp</location>
</error-page>It works when I say location = index.jsp, but it doesn't work when I try to redirect to error.jsp.
But when I redirect to index.jsp I just reload the login page, but then the user gets no information what has happened, therefore I need the error,jsp.
I have no idea why. If anybody has a hint or know why it is this way, please let me know!!
Thanks.

Login 404 Page not found error

I am having problems with my login mechanism.
I have form based authentication configured in my Web.xml. I have implemented the login mechanism from the SRDemo Example therefore I have a index.jsp which does a redirect to my first jspx page and a login.jsp which contains a form with username and password input types and a button which submits the form to the action="j_security_check".
When a user accesses the application, the index.jsp is called which does a redirect to the first page in my application "Customers.jspx". When the authentication fails, then the login page is displayed, and I think the redirect URL (Customers.jspx) is placed into the session by the framework for later use i.e. until the user authenticates. Once authenticated, the user is directed to the Customers.jspx.
The login pages works fine except for the following condition. When I sit at the login page until the session timeout occurs, then when I try to log-in, I get a 404 error "Page not found". I am guessing that the forward URL to my customers page is lost when the session times-out.
A lot of guessing but is any of this true. Can anyone shed some light on this one and suggest where I am going wrong or if there is a fix to the problem.
Many thanks,
Michael.

Hi,
correct. The server keeps track of the redirect page and if the session is lost, this information is lost too
Frank

Error in LDAP Authentication for Sun One App Server 8..pls help

I need to authenticate my sun java system application server 8 with openldap server.....
i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
My settings in the sun app server were like this:
Realm: ldap
Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
directory ldap://10.1.1.79:389
base-dn o=stooges
jaas-context ldapRealm
search-bind-dn cn=StoogeAdmin,o=stooges
search-bind-password secret1
My openldap schema is as follows
file : /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck off
lastmod on
index cn,sn,st pres,eq,sub
index uid,userPassword eq
file : /var/lib/ldap/stooges/stooges.ldif
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges
dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA
dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB
dn: uid=vikram,ou=MemberGroupA,o=stooges
uid:vikram
givenName:vicky
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetorgperson
sn:kone
cn:Kone Vikram
userPassword:glamsham
When i start ldap server and sun server,
the login page for sun server asks for username and password ....
when i give
username : vikram
password : glamsham
Error page comes.....
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Sun-Java-System/Application-Server-PE-8.0
Subsequent attempts to login gives another error page
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0
So pls... help as to how to go about this..
P.S. My ldap server runs as "ldap" user not as root

Try with "vikram" as a member of "cn=asadmin" group in your LDAP directory...

Error 403 returned from WebSphere running Policy Agent

Hi,
I'm getting an error 403 (forbidden) in my browser when I try to access a URL that I have protected using a Policy that I have setup in SAM.
My configuration is as follows:
Sun Access Manager 6 2005Q1 on Solaris
WebSphere AppServer 5.1.1.5 on Win 2000
WebSphere 5.0 Policy Agent 2.1 on Win 2000
At the moment, all I'm trying to do is protect a URL which is contained in a simple WAR file which I have deployed on WAS.
As per the J2EE Policy Agents guide, I have installed the Agent Filter by adding the following into web.xml
<web-app>
<display-name>...</display-name>
<description>...</description>
<filter>
<filter-name>Agent</filter-name>
<display-name>Agent</display-name>
<description>SunTM ONE Identity Server Policy Agent</description>
<filter-class>com.sun.identity.agents.websphere.AmWAS50AgentFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Agent</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
I've switched on Global Security in WAS and successfully logged back into the WebSphere Console using amldapuser. This confirms that the Agent Realm is working correctly.
In SAM I set up a Policy with a Rule that specified the URL I want to protect. I added a Subject to this Rule of type LDAP User. The user I chose was amadmin (for the moment).
I also configued an Agent with agentRootURL=http://<WAS fully qualified domain name>:9080/
When I try to access the URL of the servlet in the WAR, I am redirected to the SAM's login page
http://<SAM fully qualified domain name>/amserver/UI/Login?goto=http%3A%2F%2F<WAS fully qualified domain name>%3A9080%2FRoamingApp%2FRoaming
However, when I enter the amadmin/ <password> error 403 is returned to the browser.
I've checked the logs on SAM
From amAuthentication.access
"2005-07-28 11:58:15" "Login Success" LDAP dc=acme,dc=com INFO uid=amAdm
in,ou=People,dc=acme,dc=com <WAS IP address> "cn=dsameuser,ou=DSAME Users,dc=acme,
dc=com" <WAS IP address>
From amSSO.access
"2005-07-28 11:58:15" "SESSION CREATE" amSSO.access dc=acme,dc=com I
NFO uid=amAdmin,ou=People,dc=acme,dc=com <WAS IP address> "cn=dsameuser,ou=
DSAME Users,dc=acme,dc=com" <WAS IP address>
From agent.log (Policy Agent on Win 2000)
[Thursday, July 28, 2005 11:58:15 AM BST] [null]
Access to http://<WAS fully qualified domain name>:9080/RoamingApp/Roaming denied for user UNKNOWN
Perhaps I dont have the Policy in SAM configured correctly..... if anyone has come across this kind of problem before, I would greatly appreciate any help they can give me.
Thanks,
Justin

Thanks for getting back to me Jerry.
I had a look at the role-to-principal mappings you suggested. To do this I added a security constraint to my web.xml file.
Then I reconfigured WebSphere so that the Active User Registry = LDAP instead of Custom. This allowed me to assign the LDAP group (in SAM) to the role (in web.xml). WAR file installed fine with these new bindings and I restarted WAS.
Unfortunately, I'm still getting Error 403 in the browser!
Any ideas as to what I might be doing wrong? Any help you can give me would be much appreciated.
This is the amFilter log file from the Policy Agent...
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: incoming request =>
HttpServletRequest: class => com.ibm.ws.webcontainer.srt.SRTServletRequest@1af52898
     Character Encoding     : null
     Content Lenght          : -1
     Content Type          : null
     Locale               : en_IE
     Accept Locales:
          en_IE
     Protocol          : HTTP/1.1
     Remote Address          : 172.20.13.96
     Remote Host          : 172.20.13.96
     Scheme               : http
     Server Name          : dubwrk1589.ie.pri.o2.com
     Server Port          : 9080
     Is Secure          : false
     Auth Type          : null
     Context Path          : /RoamingApp
     Cookies:
          amFilterParam: AQIC5wM2LY4Sfcx0xX1Z1+1tK4SfLh/aCFlbIGuRNEPcAVc=
          amFilterRDParam: AQIC5wM2LY4Sfcwb7v6Sof6MpnvtyR8nae7hiKN7Y11QjCagyWAs9LzbAeB9Q4TP8VjruhK+oYForXxw/qq6TqbMAN1PlT1YOQI3Vy92iAaJ2N9x2bSRaUU7NlwZg8oTti+JOLdiRMTzwO17jIoWwCIx/0CtoQXpkX/meuAoFwf1feyAEp2NvK7AIbE82f/p8o4LxQbhK2NQNec=
          WASReqURL: http://dubwrk1589.ie.pri.o2.com:9080/RoamingApp/Roaming
          JSESSIONID: 0000HRZTVpt84dvtjaLaKWBnwzu:-1
     Headers:
          accept:
               image/gif
               image/x-xbitmap
               image/jpeg
               image/pjpeg
               application/msword
               application/vnd.ms-excel
               application/vnd.ms-powerpoint
               application/x-shockwave-flash
          referer:
               http://sam.digifone.com/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp
          accept-language:
               en-ie
          cookie:
               amFilterParam=AQIC5wM2LY4Sfcx0xX1Z1+1tK4SfLh/aCFlbIGuRNEPcAVc=; amFilterRDParam=AQIC5wM2LY4Sfcwb7v6Sof6MpnvtyR8nae7hiKN7Y11QjCagyWAs9LzbAeB9Q4TP8VjruhK+oYForXxw/qq6TqbMAN1PlT1YOQI3Vy92iAaJ2N9x2bSRaUU7NlwZg8oTti+JOLdiRMTzwO17jIoWwCIx/0CtoQXpkX/meuAoFwf1feyAEp2NvK7AIbE82f/p8o4LxQbhK2NQNec=; WASReqURL=http://dubwrk1589.ie.pri.o2.com:9080/RoamingApp/Roaming; JSESSIONID=0000HRZTVpt84dvtjaLaKWBnwzu:-1
          accept-encoding:
               gzip
               deflate
          user-agent:
               Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
          host:
               dubwrk1589.ie.pri.o2.com:9080
          connection:
               Keep-Alive
          cache-control:
               no-cache
     Method               : GET
     Path Info          : null
     Path Trans          : null
     Query String          : null
     Remote User          : null
     Requested Session ID     : 0000HRZTVpt84dvtjaLaKWBnwzu:-1
     Request URI          : /RoamingApp/login.jsp
     Servlet Path          : /login.jsp
     Session               : true
     User Principal          : null
     Attributes:
          com.ibm.servlet.engine.webapp.dispatch_type: forward
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
FQDNHandler: Incoming Server Name: [dubwrk1589.ie.pri.o2.com] Result: null
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
PatternRule{*/j_security_check}.matchString(/RoamingApp/login.jsp) => false
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
NotEnforcedListManager.isNotEnforced(/RoamingApp/login.jsp) => false
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: Login attempt number: 10
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: SSO Validation failed for null
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: Reseting Cookies in Response
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
WARNING: AmFilter: Login attempt number 10 failed for request URI: /RoamingApp/login.jsp
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
URLFailoverHelper: Checking if http://sam.digifone.com:80/amserver/UI/Login is available
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
URLFailoverHelper: URL http://sam.digifone.com:80/amserver/UI/Login is available
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
URLFailoverHelper: getAvailableURL() => http://sam.digifone.com:80/amserver/UI/Login
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: redirectURL is: http://sam.digifone.com:80/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
WARNING: AmFilter: redirect attempt limit reached for http://sam.digifone.com:80/amserver/UI/Login?goto=http%3A%2F%2Fdubwrk1589.ie.pri.o2.com%3A9080%2FRoamingApp%2Flogin.jsp, access will be denied
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: Using 403 forbidden to block access
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
getResource: id = 20004
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
AmFilter: result =>
FilterResult:
     Status      : FORBIDDEN
     RedirectURL     : null
     RequestHelper:
          null
     Data:
          null
07/29/2005 05:48:44:980 PM IST: Thread[Servlet.Engine.Transports : 2,5,main]
getResource: id = 20008

J_security_check error

Similar Messages

Maybe you are looking for