tomcatj-security-checkhttp-status-code-408

Request to j_security_check return 408 error only with right paramters


I want to send request to j_security_check from servlet and get auth cookie from response. Code:

String url = "http://someserver:8080/j_security_check?j_username=user&j_password=qwerty";
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();

If I put wrong auth parameters then on response I get a default wrong-login page, but if I put right auth parameters I got server code 408. What's wrong?


Solution

  • To get some resource on the tomcat server with j_security_check auth it is necessary to implement three steps:

    1. Send GET request to the needed private resource, in response you get a cookie (Header "Set cookie".
    2. Send request with cookie (from step 1) to the j_security_check. On response you should get code 302 - "Moved Temporarily".
    3. Now you can repeat request to the private resource with same cookie, on responce you get needed resource data.