I practise Java EE 7 nowadays. I come across a problem when trying to authenticate a user by using container provided way, i.e., j_security_check .
Apache Tomcat 7ServletDrill@WebServletMy Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>ServletDrill</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>To_Auth</web-resource-name>
<url-pattern>/auth/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>valid</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/FormAuth.jsp</form-login-page>
<form-error-page>/LogInErr.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
My tomcat-users.xml:
<tomcat-users>
<role rolename="valid"/>
<user username="username" password="pass" roles="valid"/>
</tomcat-users>
My <form>:
<form action="/ServletDrill/j_security_check" accept-charset="UTF-8" method="post">
<fieldset id="postForm">
<legend>j_security_check method</legend>
<div class="partContainer">
<div class="left"><label for="user" >User Name: </label></div>
<div class="right"><input type="text" name="j_username" id="user" required="required" maxlength="20"></div>
</div>
<hr/>
<div class="partContainer">
<div class="left"><label for="pass" >Pass: </label></div>
<div class="right"><input type="password" name="j_password" id="pass" required="required" maxlength="20"></div>
</div>
<hr/>
<div class="partContainer">
<div class="left"><input type="submit" value="Log In"></div>
<div class="right"><input type="reset" value="Reset"></div>
</div>
</fieldset>
</form>
My protected resource (Servlet):
@WebServlet("/auth/NeedsPriorAuth")
public final class NeedsPriorAuth extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.getWriter().append("Welcome, "+request.getRemoteUser()+". The user has been authenticated before hand").append("\n Auth Type: "+request.getAuthType());
}
}
When I execute the following link,
<a href="/ServletDrill/auth/NeedsPriorAuth">Access Protected Servlet</a>
,the user redirected for authentication on the following page,
<form-login-page>/FormAuth.jsp</form-login-page>
(the <form> that I posted above).
Despite passing in correct credentials (posted above at tomcat-users.xml) the user redirected to the following Error page (posted above at Web.xml):
<form-error-page>/LogInErr.jsp</form-error-page>
What is the culprit which causes such an inconvenience for me? I've been stuck on this problem for several days now.
What about <realm>, do I need it?
Any ideas?
There you go, in the end, I have resolved the problem. The modification that I needed to apply:
<form action="j_security_check" accept-charset="UTF-8" method="post">
That is, the action has no application context prefix. The other thing, is that there are, in my case, 2 instances of tomcat-users.xml file:
Project Explorer in Eclipse, under Servers2 nameWhen you modify the role(s), username, and password, if you want to see an affect to take place, modify it under the latter instance example; the server restart comes after.