Hi,

I have a web application where am using form authentication to authenticate the user account, after that I am having a filter where am checking whether the user name is equal to admin else am redirecting to the login error page again. But now if the user submit any login its navigating to a url like below below and a blank page is getting displayed.

http://localhost:8080/webapps2/j_security_check

The login.html is like below.

<h2>Login Page</h2>

<br><br>

<form action="j_security_check" method=post>

    <p><strong>Please Enter Your User Name: </strong>

    <input type="text" name="j_username" size="25">

    <p><p><strong>Please Enter Your Password: </strong>

    <input type="password" size="15" name="j_password">

    <p><p>

    <input type="submit" value="Submit">

    <input type="reset" value="Reset">

</form>

The error.html is like below

<h2>Login Incorrect, please log in:</h2>

<br><br>

<form action="j_security_check" method=post>

    <p><strong>Please Enter Your User Name: </strong>

    <input type="text" name="j_username" size="25">

    <p><p><strong>Please Enter Your Password: </strong>

    <input type="password" size="15" name="j_password">

    <p><p>

    <input type="submit" value="Submit">

    <input type="reset" value="Reset">

</form>

the filter code is like below

@Override

  public void doFilter(ServletRequest req, ServletResponse resp,

  FilterChain chain) throws IOException, ServletException {

  HttpServletRequest request = (HttpServletRequest)req;

  if(request.getUserPrincipal() != null){

  boolean result = validateUser(request.getUserPrincipal().getName());

  if(!result){

  HttpSession session  = request.getSession(false);

  session.invalidate();

  request.logout();

  request.getRequestDispatcher("/error.html").forward(req, resp);

  return;

  }

  }

  chain.doFilter(req, resp);

  }

The contents of web.xml file is below.

<web-app>

  <welcome-file-list>

  <welcome-file>index.html</welcome-file>

  </welcome-file-list>

  <listener>

    <listener-class>com.listener.MyListener</listener-class>

  </listener>

  <filter>

  <filter-name>LoginFilter</filter-name>

  <filter-class>com.Filter.LoginFilter</filter-class>

  </filter>

  <filter-mapping>

  <filter-name>LoginFilter</filter-name>

  <url-pattern>/*</url-pattern>

  </filter-mapping>

      <!-- Roles -->

  <security-role>

    <description>Any rol </description>

    <role-name>*</role-name>

  </security-role>

      <!-- Resource / Role Mapping -->

  <security-constraint>

    <display-name>Area secured</display-name>

    <web-resource-collection>

      <web-resource-name>protected_resources</web-resource-name>

      <url-pattern>/*</url-pattern>

      <http-method>GET</http-method>

      <http-method>POST</http-method>

    </web-resource-collection>

    <auth-constraint>

      <description>User with any role</description>

      <role-name>*</role-name>

    </auth-constraint>

  </security-constraint>

<security-constraint>

<web-resource-collection>

  <web-resource-name>Login pages</web-resource-name>

  <url-pattern>/login.html</url-pattern>

  <url-pattern>/error.html</url-pattern>

</web-resource-collection>

</security-constraint>

  <login-config>

    <auth-method>FORM</auth-method>

    <realm-name>Tomcat SALES Application</realm-name>

    <form-login-config>

            <form-login-page>/login.html</form-login-page>

            <form-error-page>/error.html</form-error-page>

        </form-login-config>

  </login-config>

</web-app>

Please let me know what is the issue with my configurations.