j_security_check on Tomcat
The action
parameter in the login form page is interpreted as a URL relative to the URL of the login page, so when you submit the form the browser sends a POST request to the server with the URL /[context-path]/ProviderManager/j_security_check
. The servlet container uses /[context-path]/j_security_check
as the path for authentication requests to your webapp.
Any one of the following should fix this:
- Change the
action
parameter in the login page to../j_security_check
. - Change the
action
parameter in the login page to/[context-root]/j_security_check
- Move the login page to the application context root directory.
Guido Anselmi
Updated on September 21, 2020Comments
-
Guido Anselmi over 3 years
Do I have to do anything to activate Tomcat handling the call to j_security_check? The config & HTML code is below. I am getting this error:
Error Message
type Status report
message /(context path)/ProviderManager/j_security_check
description The requested resource (/(context path)/ProviderManager/j_security_check) is not available.
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <session-config> <session-timeout> 30 </session-timeout> </session-config> <security-constraint> <display-name>Constraint1</display-name> <web-resource-collection> <web-resource-name>ProviderManager</web-resource-name> <description/> <url-pattern>/ProviderManager/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/ProviderManager/login.jsp</form-login-page> <form-error-page>/ProviderManager/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description/> <role-name>tomcat</role-name> </security-role> </web-app>
tomcat-users.xml
<tomcat-users> <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> <user username="ide" password="mgPNx5x5" roles="manager-script,admin"/> </tomcat-users>
login.html
<%@page contentType="text/html" pageEncoding="UTF-8"%> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>JSP Page</title> </head> <body> <form action="j_security_check" method="POST"> Username:<input type="text" name="j_username"><br> Password:<input type="password" name="j_password"> <input type="submit" value="Login"> </form> </body> </html>
Thanks-in-advance,
Guido