ucas

Reputation: 487

Authenticating a user with j_security_check in Java EE 7

I am practising Java EE 7 these days. I came across a problem when trying to authenticate a user using the container-provided way, i.e., j_security_check.

My Web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
  <display-name>ServletDrill</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>To_Auth</web-resource-name>      
      <url-pattern>/auth/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>valid</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>    
    <form-login-config>
      <form-login-page>/FormAuth.jsp</form-login-page>
      <form-error-page>/LogInErr.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

My tomcat-users.xml:

<tomcat-users>
  <role rolename="valid"/>
  <user username="username" password="pass" roles="valid"/>
</tomcat-users>

My <form>:

<form action="/ServletDrill/j_security_check" accept-charset="UTF-8" method="post">
<fieldset id="postForm">
<legend>j_security_check method</legend>
<div class="partContainer">
<div class="left"><label for="user" >User Name: </label></div>
<div class="right"><input type="text" name="j_username" id="user" required="required" maxlength="20"></div>
</div>
<hr/>

<div class="partContainer">
<div class="left"><label for="pass" >Pass: </label></div>
<div class="right"><input type="password" name="j_password" id="pass" required="required" maxlength="20"></div>
</div>

<hr/>
<div class="partContainer">
<div class="left"><input type="submit" value="Log In"></div>
<div class="right"><input type="reset" value="Reset"></div>
</div>
</fieldset>
</form>

My protected resource (Servlet):

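import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/auth/NeedsPriorAuth")
public final class NeedsPriorAuth extends HttpServlet {
    // Mapped under /auth/*, so web.xml requires the "valid" role before GET reaches this method.
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.getWriter().append("Welcome, "+request.getRemoteUser()+". The user has been authenticated before hand").append("\n Auth Type: "+request.getAuthType());
    }
}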

When I execute the following link,

<a href="/ServletDrill/auth/NeedsPriorAuth">Access Protected Servlet</a>

the user is redirected for authentication to the following page,

<form-login-page>/FormAuth.jsp</form-login-page> 

(the <form> that I posted above). Despite passing in correct credentials (posted above at tomcat-users.xml), the user is redirected to the following error page (posted above at Web.xml):

<form-error-page>/LogInErr.jsp</form-error-page>

What is the culprit which causes such an inconvenience for me? I've been stuck on this problem for several days now. What about <realm>, do I need it?

Any ideas?

Upvotes: 0

Views: 4133

Answers (1)

ucas

Reputation: 487

There you go, in the end, I have resolved the problem. The modification that I needed to apply:

<form action="j_security_check" accept-charset="UTF-8" method="post">

That is, the action has no application context prefix. The other thing is that there are, in my case, 2 instances of the tomcat-users.xml file:

  • Under the Apache Tomcat v7 directory (the server app)
  • And the one accessible from Project Explorer in Eclipse, under the Servers2 name

When you modify the role(s), username, and password, if you want to see an effect take place, modify it in the latter instance; the server restart comes after.

Upvotes: 0
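An added example, not part of the original question or answer: a small audit of the security sections of the web.xml shown in the question. Under the Servlet specification a web-resource-collection that names `<http-method>` elements is enforced only for those methods, and a FORM login without a `CONFIDENTIAL` transport guarantee lets `j_password` travel over plain HTTP. The function name `audit_web_xml`, its helpers and the embedded sample are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security sections of the web.xml from the question.
SAMPLE_WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>To_Auth</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>valid</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Stripped text of every descendant element with the given local name."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def audit_web_xml(xml_text):
    """Hypothetical helper: return (url_patterns, finding) tuples for one web.xml."""
    root = ET.fromstring(xml_text)
    form_login = "FORM" in texts(root, "auth-method")
    findings = []
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        patterns = ",".join(texts(sc, "url-pattern"))
        methods = sorted(texts(sc, "http-method"))
        # Listing methods narrows the constraint to exactly those methods.
        if methods:
            findings.append((patterns, "constraint covers only " + "/".join(methods)
                             + "; other HTTP methods are unconstrained"))
        # Without CONFIDENTIAL the container does not require TLS for the login POST.
        if form_login and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append((patterns, "FORM login without CONFIDENTIAL transport-guarantee"))
    return findings

if __name__ == "__main__":
    for pattern, finding in audit_web_xml(SAMPLE_WEB_XML):
        print(f"{pattern}: {finding}")
```

Removing the two `<http-method>` lines and adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to the constraint clears both findings.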
