Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Other Security APIs, Tools, and Issues

j_security check

Hi,

I want to use j_security_check but i have a few problems. I have the following in my web.xml

<security-constraint>

<web-resource-collection>

<web-resource-name>All JSP direct access</web-resource-name>

<url-pattern>members/*</url-pattern>

<http-method>POST</http-method>

<http-method>GET</http-method>

</web-resource-collection>

<auth-constraint>

<description>

No Access

</description>

<role-name>restricted</role-name>

</auth-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<form-login-config>

<form-login-page>members/index.jsp</form-login-page>

<form-error-page>jsps/error.jsp</form-error-page>

</form-login-config>

</login-config>

<security-role>

<description>NO Access</description>

<role-name>restricted</role-name>

</security-role>

</web-app>

and:

<form method="POST" action="j_security_check">

<input type="text" name="j_username">

<input type="password" name="j_password">

<input type="submit" name="Submit" value="Submit">

in a jsp for some reason i just keep getting re-directed to the error screen (jsps/error.jsp) after entering the correct username and password, even if they're incorrect the same thing happens.

I have also tried creating an action (checks the u/p entered through form) in struts but it keeps re-directing me to index.jsp

Now i have some business logic code which calls the db and checks the entered username and password. It works fine but i don't know how to incorperate it with the above? With the struts way when i submit it it should go to LoginCheck.do but it keeps redirecting me to index.jsp. Infact no matter what file i access within the members directory i get re-directed to index.jsp.

I tried removing the above code and it appears to work i.e. i'm redirected to the login screen if the username and password is invalid otherwise it says successful.

But i can still access files within the members directory without authenticating first.. So i would like to know how do i incorperate the business logic code i have with the above in my web.xml? So that if i've logged in correctly i should be able to access anything inside members otherwise i should be re-directed to the login.jsp

[2638 byte] By [spear_arrowa] at [2007-10-2 14:45:53]
«« Query string generation
»» Transfer Video to client
# 1
Have you figured this out yet? Are you restricting all jsps this way but then using index.jsp as your login page? Not sure, but that may be a problem - I am new to this too.gtw
nuffa at 2007-7-13 13:19:29 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
Security
Other Security APIs, Tools, and Issues

Security New Topic

Security Hot Topic

Security

All Classified