4 Replies Latest reply on Oct 5, 2005 5:32 PM by thaenni

Problem with j_target_url

thaenni Oct 5, 2005 2:39 PM

My app uses j_security_check, welcome page=login.html which posts to j_security_check and specifies the following:

The problem is that if the user does not request index.jsp and just goes to the root of the application context or specifies login.html, the security check does not know where to send the user, so it tries to load a resource equal to the name of the jsession on the root context, such as:

http://192.168.1.1:8080/;jsessionid=5u17fu4hknvhh

and the 404 error is:

HTTP ERROR: 404 %2F%3Bjsessionid%3D5u17fu4hknvhh+Not+Found
RequestURI=/;jsessionid=5u17fu4hknvhh

What I need is a way to configure where good login attempts should go by default (index.jsp), even when that target is not specified. I thought j_target_url would do this, but it does not seem to work as implemented.

TIA

1. Re: Problem with j_target_url

brian.stansberry Oct 5, 2005 2:52 PM (in response to thaenni)

Typically you don't define your login page as your welcome page -- make the welcome page index.jsp and login.html the login page:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
Actions
2. Re: Problem with j_target_url

thaenni Oct 5, 2005 4:05 PM (in response to thaenni)

Thank you, I actually tried this before. But it doesn't work because the first thing index.jsp does is:

if (null != session)
{
String uname = request.getUserPrincipal().getName();
... more code
}

which throws a null pointer when I have index.jsp as the welcome page.
Actions
3. Re: Problem with j_target_url

brian.stansberry Oct 5, 2005 5:25 PM (in response to thaenni)

Is index.jsp a secured resource? If so you shouldn't get to it until authentication is complete.
Actions
4. Re: Problem with j_target_url

thaenni Oct 5, 2005 5:32 PM (in response to thaenni)

Yes it is, or at least I believe it is. That is what has me confused. Here is my web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<session-config>
<session-timeout>480</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>UserSecurity</display-name>
<web-resource-collection>
<web-resource-name>TranscriptResource</web-resource-name>
Accessible by authorized users
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>User</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>UserRealm</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login_error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>User</role-name>
</security-role>
</web-app>
Actions

Go to original post