1 Reply Latest reply on Jan 11, 2004 7:20 AM by elfuhrer

    HTTP Status 404 on j_security_check?

    darrinps Newbie

      I get this when trying to run the tutorial, but after searching the web, it looks like this may not be a tutorial problem, but something with Tomcat. Anyway, when I try to log on after adding the security checking I get an HTTP Status 404 - /bank/j_security_check error.

      The description says that the requested resource (/bank/j_security_check) is not available.

      Now the tutorial said to modify the jboss-web.xml and the jboss.xml files found in the dd directory. I found the jboss-web.xml file, but there is no jboss.xml file in the dd directory (or anywhere else I can find).

      Going through the jboss-build.xml script, I see that the tx-jboss.xml file gets copied over to the build directory as the jboss.xml file. So I added the security-domain element to the tx-jboss.xml and verified that it gets copied over when the package-ejb target gets run.

      The jboss.xml file in the build directory starts out like this:

      <security-domain>java:/jaas/dukesbank</security-domain>
      <enterprise-beans>

      And the jboss-web.xml file also in the build directory starts out like this:
      <jboss-web>
      <security-domain>java:/jaas/dukesbank</security-domain>
      <ejb-ref>

      The login-config.xml has the following in it:
      <application-policy name="dukesbank">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      </login-module>

      </application-policy>

      My users.properties file has the following:
      # username=password
      200=j2ee

      My roles.properties file has this:
      # username=role1,role2,role3
      200=BankCustomer

      So in short, I THINK everything is set up correctly then I redo everything (pacakge and deploy) but I get that error.

      Have I done something wrong or is there something that I need to do with Tomcat?

      Thanks!

        • 1. Re: HTTP Status 404 on j_security_check?
          elfuhrer Novice

          This happens because the browser is requesting the page from it's cache. It doesn't know that the page has actually expired (login was successful). You need to set the http expires header. This is appserver dependant.

          For example using if you use SunOne Appserver 7, open the admin console in a browserand click on Http Servers->Virtual Server and select the server instance that is serving your app.

          Click on the http/html tab and select cahce control directives and set the No Cache radio button.

          This guarantees that the expires http header gets set to zero when the page is served so your browser will be forced to get the updated page.

          As a side note, you wont see this behavior if you set your browser options so that it doesn't cache pages. However since you can't guarantee everyone visiting your page will do this, it's safer to set it on the
          server side.

          A workaround to this problem is to call your JSP page from a script. It won't work when called directly from the browser.
          you could use something like:

          <%response.sendRedirect("yourloginpage.jsp");%>

          Fady