3 Replies Latest reply on Apr 18, 2008 2:01 PM by mcalello

j_securitycheck error 404

kokhang Jan 15, 2008 6:39 PM

I have a webapp running. When I try to access a protected page, it will take me to the login page. There, I enter the user name and password. When i submit the form, the login page is shown again. If i enter my login info again, it will take me to an error page with the following information:

HTTP Status 404 - /j_security_check

type Status report

message /j_security_check

description The requested resource (/j_security_check) is not available.
JBossWeb/2.0.0.GA

if, however, I refresh the page after the login page is shown for the second time, I am taken to the protected page. This issue is intermittent.

I tried solving the problem by disabling caching but it still didnt work.
This is what i have done so far but with no success:

- Had all pages contain the following:
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>

- Followed the instructions to disable caching from
http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
and
http://wiki.jboss.org/wiki/Wiki.jsp?page=DisableCacheControl

The following is snippet of my web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Site</web-resource-name>
<url-pattern>/webadmin.html</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>

<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>

</security-constraint>

<security-role>
Admin Role
<role-name>Admin</role-name>
</security-role>

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>

<welcome-file-list>
<welcome-file>webadmin.html</welcome-file>
</welcome-file-list>

I'll appreciate any help i can get in order to get this issue resolved

1. Re: j_securitycheck error 404

wolfgangknauf Jan 16, 2008 11:24 AM (in response to kokhang)

Did you activate logging of the security layer ?
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ (question 4) ?
Maybe this helps tracking down the problems.

Best regards

Wolfgang
Actions
2. Re: j_securitycheck error 404

kokhang Jan 22, 2008 10:52 AM (in response to kokhang)

I'm still experiencing this problem. Does anyone know how to solve this issue?
Actions
3. Re: j_security_check error 404 (Bump) (Bump)

mcalello Apr 18, 2008 2:01 PM (in response to kokhang)
Has this issues been resolved?
Someone has to know how to fix this??

We just migrated to 4.2.2GA and are now encountering the same issue. We already had the caching disabled for our site as well.

One note is that we did end up changing our login form:

From
<form method="post" action="<%=response.encodeURL("/j_security_check")%>" >

To
<form method="post" action="<%=response.encodeURL("j_security_check")%>" >

Basically removing the leading slash, since without it were getting a weird
assumption that j_security_check resided within our application context:

http://<domain>/<app>/j_security_check

instead of the appropriate:
http://<domain>/j_security_check
Actions

Go to original post