Logging j_security_check
Is there a way to see the logging results from using form based authentication on Glassfish V2? It is redirecting to the error page, and I have checked everything I can think of, but I'm just not sure where the problem is being caused. I just to find some sort of logging results to see what is not working correctly.
Is there a way to see the logging results from using form based authentication on Glassfish V2? It is redirecting to the error page, and I have checked everything I can think of, but I'm just not sure where the problem is being caused. I just to find some sort of logging results to see what is not working correctly.
Similar Messages
-
Automatically log back in for a given period of time
I just started to work on web and have the following issue:
We want some (mobile) users to be able to automatically log back in for a given period of time. It is not difficult to set cookie (valid user information without clear text) on the mobile device. For now the question is how we can log in using this cookie info.
Web application uses "j_security_check", "j_security_check" checks the user/password.
Question is how we can autologin using cookie information. Thanks guys!it is not problem to check cookie on exists and valid. Problem is 'where' where can I do it using 'j_security_check'
-
Restrict multiple log in with same user ID
I have a JSF Project where I use Oracle JAAS for Login.
The login works perfectly and also the components on the JSF page shows as per User Role. I am using OAS 10.1.3.3.
I want to now implement the code so as to restrict simultaneous logins with the same user id. That is a user id cannot be looged in at once to the server from more than one machine.
The login.html is:
<form name="loginFrm" method="post" action="j_security_check">
<p>Log in to access restricted zone.</p>
<table>
<tr>
<td>User name</td>
<td>
<input id="j_username" type="text" name="j_username"/>
</td>
</tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
<tr>
<td> </td>
<td>
<input type="submit" value="Login" onclick="document.body.style.cursor='wait';"/>
</td>
</tr>
</table>
</form>The securityconfig int he web.xml file is:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jazn.com</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/loginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>ADMINISTRATOR</role-name>
</security-role>
<security-role>
<role-name>MANAGER</role-name>
</security-role>
<security-role>
<role-name>INSURER</role-name>
</security-role>
<security-role>
<role-name>TRACKER</role-name>
</security-role>
<security-role>
<role-name>INSURER_MANAGER</role-name>
</security-role>Then I would say it is not possible: Restrict multiple login in SAP Business Objects 4.0 SP6 for single user
multiple login disable in BO | SCN -
JSF/JAAS j_security_check for role-based login pages
I'm looking for a way to take the login request after j_security_check is through and invoke logic in a backing bean somewhere to redirect the user (using Faces) to the appropriate view (via an outcome defined in the faces-config.xml, of course) based on the user's role. Is there a "JSF" (i.e. non-filter) way to do this that I'm missing? If not, I suppose I could try a filter if it will work.
I've thought of just going to the same page and displaying different components, but I don't like that a lot, even using subviews. I thought about having two web apps, but find that to be a poor option. I really don't like trusting the user to remember/get a URL right beyond http://xyz.com or something similarly simple, as much to save them from frustration as anything else.
Any ideas would be appreciated. I've scoured forums and Googled all day without much success, so I apologize if this is posted somewhere already. This seems like something that should be pretty simple and I may want to kick myself when I see the answer.Hi Brian,
I do not believe it is j_security_check's job to check for blank
passwords.
In many security realms, it is "legal" for a user to have a blank
password. j_security_check forwards whatever password was entered so that
even users with blank passwords can be authenticated by the realm on the
backend. For this reason I believe that j_security_check is "doing the
right thing" by just forwarding whatever is presented to it, rather than
having its own logic. It is best if j_security_check just acts as a very
dumb middle man.
If behavior was altered, it is true that your particular problem would be
solved, but then many other people would have a problem with their users
with blank passwords authenticating properly...
Try looking into how to disable anonymous logins on the LDAP end of
things. Hope this helps.
Cheers,
Joe Jerry
brian wrote:
I am using the LDAP Security Realm to authenticate against an iPlanet
Directory Server. All works as expected when a user-id and password
are entered for form-based authentication.
However, when a userid is entered but no password, j_security_check
logs the user in successfully. Aparently, this is correct LDAP
behaviour as anonymous login to the LDAP server is permitted. It seems
that the j_security_check servlet should check for blank passwords
before trying to authenticate against the LDAP server and fail
authentication if this is the case.
Has anyone else experienced this problem? -
Getting the name of the current user loged in with j_security_check
Is there any method or way of getting the username of the current user
which is logged in via the j_security_check?
thanks<p>
<strong><font face="courier new,courier" size="2">FacesContext ctx = FacesContext.getCurrentInstance();</font></strong>
</p>
<p>
<strong><font face="courier new,courier" size="2">ExternalContext ectx = ctx.getExternalContext()</font></strong>
</p>
<p>
<strong><font face="courier new,courier" size="2">HttpServletRequest req = (HttpServletRequest)ectx.getRequest()</font></strong>
</p>
<p>
<strong><font face="courier new,courier" size="2">String user = (String) req.getRemoteUser();</font></strong>
</p>
Kuba -
Username not showing up in access log for authenticated users
I'm using form-based authentication in a Java web application on Sun One Web Server v6.1 to restrict access to authenticated users. However, even after the users authenticate and access the application, the username field in the access log is showing them as anonymous.
request.getRemoteUser() is reporting the correct username, so it just seems to be the access log that is in error. Right now it is set to the default but changing formats to custom doesn't seem to help in displaying the username.
Here's an excerpt from the access log:
// anonymous access attempt, redirects to login page...
10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/index.jsp HTTP/1.1" 302 0
10.100.168.110 - - [01/May/2006:14:34:42 -0400] "GET /profile/login.jsp HTTP/1.1" 200 3355
10.100.168.110 - - [01/May/2006:14:34:47 -0400] "POST /profile/j_security_check HTTP/1.1" 302 0
// at this point they are logged in and their username should be reflected in the access log, but is not:
10.100.168.110 - - [01/May/2006:14:34:47 -0400] "GET /profile/index.jsp HTTP/1.1" 200 3532 And the relevant code from the web application's web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>AllFiles</web-resource-name>
<description>
Restricts anonymous access.
</description>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
Authenticated Users
</description>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>I've searched the forums and the manuals but can't see anything showing that the access log's username field doesn't work with form-based authentication. Can anyone shed some light on this?Some background:
The Java Servlet container has its own authentication infrastructure (which is what you configure in web.xml) which is separate from the non-Java authentication infrastructure (ACLs, etc.). If you set up authentication via ACLs the resulting user identity can (though you may configure it not to) propagate to the Java Servlet container such that request.getRemoteUser() will return it, even though no web.xml-driven authentication occurred. The coverse is not true, however: if you authenticate via a Java Realm, based on web.xml configuration, that user identity is not available to non-Java code.
(Your web.xml snippet doesn't show you using FORM auth - but it doesn't matter, the explanation above applies in any case.)
That is why the log file (generated from non-Java code) doesn't have access to that user. It probably should, but there's no config option today for you to make that happen.
If you're using BASIC auth you may consider moving the authentication configuration from web.xml to ACLs as a possible workaround. It will then show up in the access logs.
If you prefer web.xml-based authentication, consider the <SECURITY audit="true"> option in server.xml. It won't be in the access log but you'll have an audit trail of authentications, which may help. -
[SOLVED] JAZN log out not working
Hi,
I'm having a problem with JAZN security in an ADF Faces application, particularly with logging out. I'll minimize the set of pages involved in order to explain the problem, it is as follows:
The application has HTML form authentication managed by a JAZN XML file. The pages involved are
- Login.jspx (login page)
- Main.jspx (secured page with a "log out" button)
When the log out button is clicked the session is terminated and the user is redirected to the login page. After this, when I try to log in again nothing happens so I can't log in again.
Here is the code:
<< Login.jspx >>
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0" xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core" xmlns:af="http://xmlns.oracle.com/adf/faces"
xmlns:afh="http://xmlns.oracle.com/adf/faces/html">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML" doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"/>
<title>login</title>
</head>
<body><form action="j_security_check" method="post">
<table cellspacing="3" cellpadding="2" border="0" width="100%">
<tr>
<td width="120">
<b style="whitespace:nowrap">User</b>
</td>
<td>
<input type="text" name="j_username"/>
</td>
</tr>
<tr>
<td width="120">
<b>Password</b>
</td>
<td>
<input type="password" name="j_password"/>
</td>
</tr>
<tr>
<td><jsp:text><![CDATA[ ]]></jsp:text></td>
<td>
<input type="submit" name="logon" value="Sign On"/>
</td>
</tr>
</table>
</form></body>
</html>
</jsp:root><< Main.jspx >>
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.0" xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core" xmlns:af="http://xmlns.oracle.com/adf/faces"
xmlns:afh="http://xmlns.oracle.com/adf/faces/html" xmlns:cust="http://xmlns.oracle.com/adf/faces/customizable">
<jsp:output omit-xml-declaration="true" doctype-root-element="HTML" doctype-system="http://www.w3.org/TR/html4/loose.dtd"
doctype-public="-//W3C//DTD HTML 4.01 Transitional//EN"/>
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<afh:html>
<afh:head title="Main">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"/>
</afh:head>
<afh:body>
<h:form>
<af:commandButton text="Logout" action="#{login.logout}"/>
</h:form>
</afh:body>
</afh:html>
</f:view>
</jsp:root><< jazn-data.xml >>
<?xml version = '1.0' encoding = 'windows-1252' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data-10_0.xsd" filepath="" OC4J_INSTANCE_ID="">
<jazn-realm>
<realm>
<name>jazn.com</name>
<users>
<user>
<name>user</name>
<credentials>{903}dn3x1m8PHXf4z1+aLjhNH3+9HIVSWd3l</credentials>
</user>
<user>
<name>anotherUser</name>
<credentials>{903}nhz/q14H8m4cmZ2KRBDBSDzCgFn4EQ3nA/b788Egorg=</credentials>
</user>
</users>
<roles>
<role>
<name>authenticatedUsers</name>
<members>
<member>
<type>user</type>
<name>user</name>
</member>
<member>
<type>user</type>
<name>anotherUser</name>
</member>
</members>
</role>
</roles>
</realm>
</jazn-realm>
<jazn-policy/>
</jazn-data><< web.xml >>
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee">
<description>web.xml file for Web Application</description>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>faces/Main.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<jsp-config/>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>oc4j-administrators</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Zone</web-resource-name>
<url-pattern>/faces/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>authenticatedUsers</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>login.jspx</form-login-page>
<form-error-page>error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>authenticatedUsers</role-name>
</security-role>
</web-app><< orion-application.xml >>
<?xml version = '1.0' encoding = 'windows-1252'?>
<orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd">
<jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com" jaas-mode="doAsPrivileged"/>
</orion-application><< faces-config.xml >>
<?xml version="1.0" encoding="windows-1252"?>
<!DOCTYPE faces-config PUBLIC
"-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
"http://java.sun.com/dtd/web-facesconfig_1_1.dtd">
<faces-config xmlns="http://java.sun.com/JSF/Configuration">
<application>
<default-render-kit-id>oracle.adf.core</default-render-kit-id>
</application>
<managed-bean>
<managed-bean-name>login</managed-bean-name>
<managed-bean-class>view.LoginBean</managed-bean-class>
<managed-bean-scope>request</managed-bean-scope>
</managed-bean>
</faces-config><< LoginBean.java >>
package view;
import java.io.IOException;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginBean {
public LoginBean() {
public String logout() throws IOException {
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext ectx = ctx.getExternalContext();
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate();
response.sendRedirect("Login.jspx");
ctx.responseComplete();
return null;
}Is there anything wrong or missing?
Thanks,
YoelHi,
in BASIC authentication the browser autenticates the user (browser sso). A new session is created - wich means that all session information of the previous application run are deleted. To avoid browser sso you need to close the browser process. The BASIC authentication issue is not caused by JAZN but the way this authentication is speced by teh W3C
Frank -
Automatic "j_security_check" form login submission question
I've been using J2EE 1.4 declarative security with no problems.
It works great. I define the security constraints to the server and
when the relevant pages are hit the login.jsp page gets invoked
where users can login. I happen to be using Tomcat 5 right now, but again it all works fine.
But now I have to receive http User Login requests from a non-java server and automatically log the user in if they were logged in on the prior server since I support the same User-Ids/Passwords.
My question is simple and may only be an HTML trick. On the login page code specifically for users where I already have their User-Id and Password how do I auto-submit the form without requiring user's to press the "submit" button? For this type of user where I know the UserID and Password I will not have any displayed HTML since the user does not have to do anything. For traditional manual login, I always used the following format with the submit button, but again, now I want to bypass the JSP/JSTL/HTML display and submit automatically (using code) instead of requiring the user to press the submit button.
<form method="POST" action="j_security_check" >
<input type="text" name="j_username" size="8" maxlength="8" />
<input type="password" name="j_password" value="FMTPPSWD" size="8" maxlength="8" />
<input type="submit" value=" Login " />
</form>
Help!
I've already orchestrated the solution in my login.jsp configuration to separate between the JSP Display page supporting manual login (using jsp:forward) and non-display auto-login. So my question is only how do I submit a form programatically without using the submit button?
Thanks.For the benefit of others here is the JSP/JSTL & javascript solution.
This allowed me to create an automated login and use declarative security ...
The following code requires param.UserID and param.PassWord to be set before it is executed...
<form name="AutoLogin" method="POST" action="j_security_check" >
<input type="hidden" name="j_username" value="<%= request.getParameter("UserID") %>" size="8" maxlength="8" />
<input type="hidden" name="j_password" value="<%= request.getParameter("PassWord") %>" size="8" maxlength="8" />
</form>
<script type="text/javascript" language="JavaScript">
document.AutoLogin.submit();
</script> -
J_security_check / Error 404
Hi,
I am trying to modify an application that works with Apache and Tomcat server.
I tried to add basic form authentication, but when I enter a login-name/password I get an HTTP 404 Error about the requested page, that it was not found.
Here are my web.xml and logon.jsp files:
======================== web.xml ========================
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- (c) 2001, RosettaNet; portions hereof (c) 2001, SAIC. -->
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"webapps/rosettanet/WEB-INF/web-app_2_2.dtd">
<web-app>
<!-- Security Constraint -->
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>STK</web-resource-name>
<url-pattern>/RnsttHome.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>customer</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/logon.jsp</form-login-page>
<form-error-page>/logonError.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security Roles -->
<security-role>
<role-name>customer</role-name>
</security-role>
<welcome-file-list>
<welcome-file>
RnsttHome.jsp
</welcome-file>
</welcome-file-list>
</web-app>
=======================================================
======================== logon.jsp =======================
<%@ page contentType="text/html" %>
<%-- Log-In Page --%>
<html>
<head><title></title></head>
<center>
<h3>This is a login page.</h3>
<br><br><form action="j_security_check" method=post>
<table>
<tr>
<td align="center">
<table border="0">
<tr>
<td><b>Enter your name: </b></td>
<td><input type="text" size="15" name="j_username"></td>
</tr>
<tr>
<td><b>Enter your password: </b></td>
<td><input type="password" size="15" name="j_password"></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Submit"></td>
</tr>
<tr>
<td><br></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</center>
</html>
=======================================================
Tomcat is version 3.2 and Apache is version 1.3.19
The application is located inside Tomcat, folder webapps.Any suggestions or ideas?I honestly don't know how to solve this problem.I looked at other similar threads but none of the suggestions or solutions posted work for my case...
Arapakis Giannis
IT-Postgraduate Student+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
what do you get when you enter in an invalid username/password - your logonError.jsp? page
How do you access this page - is your destination page available, and working?
I take it you are trying to access /RnsttHome.jsp
Check the spelling of your URL - maybe try accessing another file under securlty to see if that one works?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- It doesn't really matter whether I enter a correct username/password or an invalid one, cause I get the 404 Error. I am not re-directed to the logonError.jsp at all. I can only see that the browser is looking for J_security_check...at least that's what is written on the url when I get the 404 error.
e.g.
http://localhost/myapplication/j_security_check
-- The destination page is RnsttHone.jsp and it is working fine.I don't think that this is the problem.
-- I have tried accessing other files as well.That's not the problem.They all have the same problem with j_security_check...
Arapakis Giannis -
J_security_check and web.xml
Hi,
I've set up a web application with form authentication
Here's part of my web.xml:
<security-role>
<description>user</description>
<role-name>user</role-name>
</security-role>
<!-- Login Authentication -->
<security-constraint>
<display-name>Secure User Pages</display-name>
<web-resource-collection>
<web-resource-name>SecureUserPages</web-resource-name>
<url-pattern>/jsp/welcome.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>user</description>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/login.jsp</form-login-page>
<form-error-page>/jsp/loginError.jsp</form-error-page>
</form-login-config>
</login-config>When I request welcome.jsp, I'm taken to login.jsp.
If I enter an incorrect login/password combo, the contents of loginError.jsp show up, but the url says http://hostname:port/appname/jsp/j_security_check
How can I make it so that the url does not show 'j_security_check', but 'loginError.jsp'?
Second, if I enter a correct login/password combo, I am not taken to the page I requested - I stay on the login page, but the information in the form fields gets wiped out. According to my logs, it says that I logged in correctly.
Can someone shed some light on these one or both of these issues?
Thanks in advance,
CTo answer you,
1. j_security_check servlet forwards the request to loginError.jsp on login failure. Hence you don't see any change in URL at the address bar. Use redirect at your application level to see the change in URL at the address bar.
If you want to attain some more flexibility at the login level, probably JAAS can help you out.
2. _"Second, if I enter a correct login/password combo, I am not taken to the page I requested - I stay on the login page, but the information in the form fields gets wiped out. According to my logs, it says that I logged in correctly"_
If you're really sure about correctness of your log, i think, you have directly invoked login.jsp from your browser and then you must have entered a valid username/password.May be this is the reason you get to see login.jsp again on successful login.
Solution, would be to directly invoke welcome.jsp from browser.Provide valid username and password and then see whether you really get to see welcome.jsp or not? -
J_security_check error
We are tyring to deploy a simple application using form-based authentication
on iPlanet Application Server 6.0 SP 2. The login form shows up, however
regardless of userid/password entered we get the following error:
// on the screen
GX Error (GX2GX)
socket result code missing!!!
URL is trying to go to ...NASApp/myDir/j_security_check
// in the error log
[28/Jun/2001:16:20:29] warning ( 722): CrackRequestGuid reports: NameTrans
lookup failed for {Applogic Servlet watch_j_security_check}
Our login page is:
form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="login">
</form>
We were using the GUI deployment tool and were following the manual.
Can anyone help me?
Thanks ...
Pino.Just check your registry under the key
SOFTWARE/iPlanet/ApplicationServer/6.0/J2eeModule/<your-war-module> ..
Here check the auth-method key. It should contain the word FORM in caps. If it
is in small or mixed case, the the application will fail. Change it to FORM.
Also check the "login-config" key here. It should also display the word Form in
caps.
You can do this and run the application again. Make sure you restart the
web-server.
Irfan Ahmed.
"Caracciolo, Pino [CRK:P914:EXCH]" wrote:
We are tyring to deploy a simple application using form-based authentication
on iPlanet Application Server 6.0 SP 2. The login form shows up, however
regardless of userid/password entered we get the following error:
// on the screen
GX Error (GX2GX)
socket result code missing!!!
URL is trying to go to ...NASApp/myDir/j_security_check
// in the error log
[28/Jun/2001:16:20:29] warning ( 722): CrackRequestGuid reports: NameTrans
lookup failed for {Applogic Servlet watch_j_security_check}
Our login page is:
form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="login">
</form>
We were using the GUI deployment tool and were following the manual.
Can anyone help me?
Thanks ...
Pino. -
J_security_check not working in a cluster
We have a cluster set up using two machines (Sun fire 280R) two instances of weblogic
on each machine (and a third for admin on machine 1) the cluster starts up fine,
admin server taken off line, the web app (.war) is distributed and accessable
across the cluster. But when a user tries to log in (using FORM based auth, posting
to j_security_check) nothing happens, just returned to the login page, no errors
no output no nothing. If we remove the cluster and just run the app on a single
server (the admin server) it works fine. Even if we run the app on another managed
server (not part of a cluster) it still doesn't work. It only works on the admin
server, we are using a RDBMS Realm to authenticate, we have checked the obvious,
DB Pool deployed to cluster etc.
Replies very much appriceated
Thanks
Gareth
Hello Gareth,
Iam facing exact same issue as well. Its a WL 6.1 sp2 cluster. Iam
using HttpClusterServlet on WL as proxy. Also using RDMBS realm for
Authentication. Like you said after I type userid/password click o.k
nothing happens. No errors no messages! its been frustrating as I was
not sure if my configuration was right or not! Do let me know if you
should find any solution to this!
thanks!
-priya
p.s: I also notice that if i keep trying 3, 4 or 5 times and finally
do get in, the httpSession is all confused. Some time its starts 2
sessions! Sometimes is does not replicate properly. And most of the
time if I restart the cluster server it goes works for once or twice
and does'nt work after that!
"Gareth James" <[email protected]> wrote in message news:<[email protected]>...
> We have a cluster set up using two machines (Sun fire 280R) two instances of weblogic
> on each machine (and a third for admin on machine 1) the cluster starts up fine,
> admin server taken off line, the web app (.war) is distributed and accessable
> across the cluster. But when a user tries to log in (using FORM based auth, posting
> to j_security_check) nothing happens, just returned to the login page, no errors
> no output no nothing. If we remove the cluster and just run the app on a single
> server (the admin server) it works fine. Even if we run the app on another managed
> server (not part of a cluster) it still doesn't work. It only works on the admin
> server, we are using a RDBMS Realm to authenticate, we have checked the obvious,
> DB Pool deployed to cluster etc.
>
> Replies very much appriceated
>
> Thanks
>
> Gareth
-
J_security_check skipping?
Hi all,
I am using resin form based authentication (j_security_check).
I want to lock the user account after N invalid login attempts.
Now, before validating the user, i want to check no of attempts for a particular username, so i want to skip the submission to j_security_check and submit it to someother page and then forward it to j_security_check.
Any insights?Anthony,
I take it you are using form authentication. Are you sure your login and
error files are set properly? Make sure you send the user to the page to
be authenticated not to the login page. Make sure you invalidate your
session if the user has previously logged in correctly before trying to
log in again.
Good luck
Anthony banda wrote:
>
When using j_security_check and Netscape 4.7 I have found that when a user logs
in incorrectly the Netscape authorization popup happens, asking for a username
and password. Even if you supply the correct username and password in the popup
authentication does not happen. Is there a way to keep the popup from poing up? -
J_security_check and Struts
Hi all
i'm developing a web-application with JSP/Struts which is running with Tomcat 5.0.18. I tried to use the Form-Based Authentication. But somehow i can't figure out how this works with struts.
The login-config in web.xml looks like that:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Global/login.do</form-login-page>
<form-error-page>/Global/error.do</form-error-page>
</form-login-config>
</login-config>
Then i created a login.jsp:
<html:form name="loginForm" action="j_security_check" method="POST" type="com.hp.iapm.vs.invwebgui.LoginForm" scope="session" >
<TABLE>
<tr><td><bean:message key="label.login.username"/> <html:text property="j_username" size="20"/></td></tr>
<tr><td><bean:message key="label.login.password"/> <html:password property="j_password" size="20"/></td></tr>
<tr><td><input:submit value="Log In"></td></tr>
</TABLE>
</html:form>
I also put the corresponding form beans / mappings in struts-config.xml. But now everytime i want to start my webapplication i get this error:
[ServletException in:/pages/global/login.jsp] Cannot retrieve mapping for action /j_security_check'
i didn't create a j_security_check acttion mapping, this is a method from tomcat that already exists i think. How to i have to implement/configure it?
Thanks
AngelaI think it would work better if you DIDN'T use the struts tags for the form
ie
just this
<form name="loginForm" action="j_security_check">
Once you make it an <html:form> it adds .do onto the end of it, (or whatever your struts config is set to)
Basically I think the login page should be a plain HTML page, rather than a struts one.
Cheers,
evnafets -
J_security_check question
Hello,
I am using form based authentication with j_security_check and everything works fine as expected. But, in my web application i have different different roles. How do i specify the success url for these different roles? I have only one login page and different roles. Say suppose Admin logs in then he should be redirected to /Admin/home.jsp and for general users it should be /General/home.jsp? I saw that there are no success url's to specify for this. Only when a user tries to access restricted resource he is redirected to log in page. But what if my users directly visit the log in page? and sign in there?
Do i have any other option except j_security_check? I don't want to programmatically code for JAAS. I want container managed security only. I even tried HttpServletRequest#login(), but it is also not working as expected. Can somebody throw some light upon it? Why is that method in HttpServletRequest? If at all this method is there, it should have been at session level in HttpSession. But what is it doing at request level?
Futher, i even tried putting a filter on j_security_check but my filter never gets executed. I am using Glassfish V3 and Netbeans 6.8.
Please help me. I'm stuck.Sorry - figured it out.
Maybe you are looking for
-
Restructuring/Changing Bank Clearing & Cash accounts in FBZP in PROD
We're restructuring our bank accounts and converting all bank clearing and cash balances. We can transfer with or without clearing from the old G/L's to the new G/L's but the issue is the existing postings from the payment run in PAYR. 1) Has anyo
-
Keyboard coffee spill - repair.
Spilt a full mug of hot sweet coffee over my Apple wireless keyboard, Thought well it's banjaxed anyway so took it to the sink and rinsed it and shook it several times under warm tap. Let it drain then put it on a warm radiator overnight and its like
-
Outlook - i need outlook contacts to overide iphone help
can anybody tell me how to set the settings: Outlook overides iphone contacts
-
Desktop Software and Bluetooth (not just a rehash of the same problem!)
Hoping someone here can help me! I'm just about to go batty. Long story - so I'll just skip to the relevent parts. I'm trying to connect my (T-Mobile) 8800 to my PC (it's an old Sony desktop, that did not come with bluetooth support. Running SP3) I'v
-
Why is the serial number being rejected when I know it is correct. Is because I cannot load onto a second computer?