4 Replies Latest reply on Oct 18, 2012 10:56 AM by srinivas.barad

    HTTP Status 404 - /j_security_check - Again!

    nchivukula

      Hello folks,

      After many unsuccessful attempts in trying to "re-login" using Form based authentication, I'm becoming frustrated. Well, I have seen similar problems posted by other people in various forums but I couldn't see any fitting solution.

      I'm using JBoss 5.1.0.GA version, where my web application is deployed. I use Form based authentication and the security credentials are validated by LDAP server. Initially I tried using /j_security_check as a path to my LoginFilter hoping the filter logic would be executed before the server took over the request. But, I lately realized the code in LoginFilter was not getting executed. Fair enough, I used some other path to the Filter and changed my login.jsp form action. After performing my filter logic, at the end I'm redirecting to j_security_check path with j_username and j_password in the request url string. This works perfectly fine. When I log out (I'm invalidating session and deleting cookies in Logout servlet) and try to re-login, here comes the problem, the browser just refreshes and in my third login it takes me to "HTTP Status 404 - <appl-context>/j_security_check" page. I'm frustrated not because I don't have the solution, but because I don't know how the problem is occurring. At the same time, when I open a new browser, my login works and so it does for every new browser. I couldn't comprehend if it's a browser problem or server cache problem. Can anyone please let me know how to fix this issue?

      Cheers,

      Naren

        • 1. Re: HTTP Status 404 - /j_security_check - Again!
          jaikiran

          I'm not really sure what you are doing with the filter. Why are you using a filter? For a FORM based login, you just need to provide your login page with the appropriate action. What are the contents of your login page?

          • 2. Re: HTTP Status 404 - /j_security_check - Again!
            nchivukula

            Thanks for your reply Jai.

            Actually, the problem is not with the filter. But, with the j_security_check action itself. For your information, I'm performing some basic checks if password expired/ password re-set by the admin (if so, I redirect to 'Change Password' page) and so on. I'm not getting my head around why on earth the login works only for the first time. If it's an application cache problem, then I'm using the flushOnSessionInvalidation="true" attribute in the <security-domain> element of jboss-web.xml.

            I believe it could be the browser's cache, as if I open a new browser and try to log in, it always works. I suppose this feature of login is a basic requirement for any form based security enabled web application running in JBoss.

            • 3. Re: HTTP Status 404 - /j_security_check - Again!
              nchivukula

              Well, I got the solution myself. It has nothing to do with j_security_check at all but with "servletPath"!

              After a meticulous debug of my code and imagining how the second request object would have been different from the first, I realized that in my second attempt after logout, I'm redirecting to the login page! But, how would the server know where to go after successful login? So, I changed that to redirect to a protected home page which I wanted to see after login and now everything works as expected. If anyone's already looking into the problem, apologies for grabbing their time but I hope this post would be useful for other similar problems.
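
The fix described in the post above, sketched as a logout servlet (an added example, not code from the thread): after invalidating the session it redirects to a protected page instead of the login page, so the container saves that request before it shows the login form. `LogoutServlet` and `/secure/home.jsp` are assumed names; the Servlet 2.5 API shipped with JBoss 5.1 is assumed.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {
    // Assumption: a page matched by a <url-pattern> inside a <security-constraint> in web.xml.
    private static final String PROTECTED_HOME = "/secure/home.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        logout(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        logout(req, resp);
    }

    private void logout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Drop the server-side session without creating a new one.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // Expire the session cookie; the path has to match the one the container set.
        String path = req.getContextPath().length() == 0 ? "/" : req.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setPath(path);
        expired.setMaxAge(0);
        resp.addCookie(expired);

        // Keep browsers and proxies from replaying a cached copy of this response.
        resp.setHeader("Cache-Control", "no-store");

        // Redirect to the protected page, not to login.jsp. The container intercepts
        // the request, remembers it, serves the login form, and returns to this URL
        // once the POST to j_security_check succeeds. A login form opened directly
        // leaves the container with no saved request to return to.
        resp.sendRedirect(req.getContextPath() + PROTECTED_HOME);
    }
}
```

The redirect URL is built without `encodeRedirectURL`, so no session id is ever written into the address bar or logs.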

              • 4. Re: HTTP Status 404 - /j_security_check - Again!
                srinivas.barad

                Dear Naren,

                I am also facing the same problem.

                The first time I log in, the application works fine; after session timeout (after 15 min), when I try to log in again the application displays a 404 error, and if I click on any other link, the system shows the logged-in details.

                The below entries are from web.xml. Please advise.

                <security-constraint>
                  <web-resource-collection>
                    <web-resource-name>Eform Authentication</web-resource-name>
                    <url-pattern>/loginAuthenticateAction.action</url-pattern>
                    <url-pattern>/submitOnlineLogin.action</url-pattern>
                    <url-pattern>/anonymousuploadLogin.action</url-pattern>
                    <url-pattern>/redirectOrbeon.action</url-pattern>
                    <url-pattern>/userProfileAction.action</url-pattern>
                    <url-pattern>/loginRegister.action</url-pattern>
                    <url-pattern>/LoadFormAttachmentUploadUserInterface.action</url-pattern>
                    <url-pattern>/RegisterUserSubmitNewForm.action</url-pattern>
                    <url-pattern>/logoutAction.action</url-pattern>
                    <url-pattern>/submitEForm.action</url-pattern>
                    <url-pattern>/statusHistoryAction.action</url-pattern>
                    <url-pattern>/showpopuptransactionsattachments.action</url-pattern>
                    <url-pattern>/LoadAdvancedTransSearch.action</url-pattern>
                    <url-pattern>/BasicTransactionSearch.action</url-pattern>
                    <url-pattern>/completeAttachments.action</url-pattern>
                    <url-pattern>/j_security_check</url-pattern>
                  </web-resource-collection>
                  <auth-constraint>
                    <role-name>registered</role-name>
                    <role-name>CSC</role-name>
                  </auth-constraint>
                </security-constraint>
                <login-config>
                  <auth-method>FORM</auth-method>
                  <realm-name>Eform Authentication</realm-name>
                  <form-login-config>
                    <form-login-page>/loginAction.action</form-login-page>
                    <form-error-page>/loginFailedAction.action</form-error-page>
                  </form-login-config>
                </login-config>
                <security-role>
                  <role-name>registered</role-name>
                </security-role>
                <security-role>
                  <role-name>CSC</role-name>
                </security-role>

                Regards

                Srinivas Barad