3 Replies Latest reply on Oct 8, 2004 2:43 PM by Scott Stark

    resource (/j_security_check) is not available.

    Greg Lloyd Newbie

      Hello, I have been plugging away at this for a while now and can't seem to figure out where I have gone wrong. I am trying to use the DatabaseLoginModule with form based authentication. No matter what I enter into the username and password fields, I get the above message and no errors of any sort in my logs. Please help; my config files are below. I can see in the startup logs that the domain tatrackerRealm is created, but this is the only indication that anything is working.

      web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="2.4"
               xmlns="http://java.sun.com/xml/ns/j2ee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                                   http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

        <servlet>
          <servlet-name>Controller</servlet-name>
          <servlet-class>anteon.rk.frameworks.gato.Controller</servlet-class>
        </servlet>

        <servlet-mapping>
          <servlet-name>Controller</servlet-name>
          <url-pattern>*.gato</url-pattern>
        </servlet-mapping>

        <security-role><role-name>Admin</role-name></security-role>
        <security-role><role-name>TALiaison</role-name></security-role>
        <security-role><role-name>CCB</role-name></security-role>

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>GatoController</web-resource-name>
            <description>Web application gateway servlet</description>
            <url-pattern>*.gato</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>Admin</role-name>
            <role-name>TALiaison</role-name>
            <role-name>CCB</role-name>
          </auth-constraint>
        </security-constraint>

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>AllCompiledPages</web-resource-name>
            <description>All jsp pages</description>
            <url-pattern>/site/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>Admin</role-name>
            <role-name>TALiaison</role-name>
            <role-name>CCB</role-name>
          </auth-constraint>
        </security-constraint>

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>HomePage</web-resource-name>
            <description>Home Page</description>
            <url-pattern>/index.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>Admin</role-name>
            <role-name>TALiaison</role-name>
            <role-name>CCB</role-name>
          </auth-constraint>
        </security-constraint>

        <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>java:jaas/tatrackerRealm</realm-name>
          <form-login-config>
            <form-login-page>/Welcome.jsp</form-login-page>
            <form-error-page>/Error.jsp</form-error-page>
          </form-login-config>
        </login-config>

        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>

        <ejb-ref>
          <ejb-ref-name>ejb/QueryStore</ejb-ref-name>
          <ejb-ref-type>Session</ejb-ref-type>
          <home>anteon.rk.ccarc.tatracker.interfaces.QueryStoreHome</home>
          <remote>anteon.rk.ccarc.tatracker.interfaces.QueryStore</remote>
          <ejb-link>GatoEJB.jar#QueryStore</ejb-link>
        </ejb-ref>
      </web-app>

      ********************************************
      jboss-web.xml:
      <jboss-web>
        <!-- Uncomment the security-domain to enable security. You will
             need to edit the htmladaptor login configuration to set up the
             login modules used to authenticate users.
        -->

        <security-domain>java:jaas/tatrackerRealm</security-domain>
        <unauthenticated-principal>Unknown</unauthenticated-principal>
      </jboss-web>

      [question] Where do I edit the "htmladaptor login configuration", and what is that?
      *********************************************************

      login-conf.xml:: application policy for desired domain/realm
      <application-policy name="tatrackerRealm">
        <authentication>
          <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag="required">
            <module-option name="unauthenticatedIdentity">Unknown</module-option>
            <module-option name="dsJndiName">java:/TaTrac2DS</module-option>
            <module-option name="principalsQuery">SELECT PASSWORD FROM CONTACT WHERE USERNAME=?</module-option>
            <module-option name="rolesQuery">SELECT C.USERNAME, R.ROLE FROM ROLES AS R, CONTACT AS C, ROLEMAP AS M WHERE C.USERNAME = ? AND C.GROUPID = M.GROUPID AND M.ROLEID = R.ROLEID</module-option>
            <!-- <module-option name="hashAlgorithm">SHA</module-option>
                 <module-option name="hashEncoding">base64</module-option>
                 <module-option name="hashCharset">UTF-8</module-option> -->
          </login-module>
        </authentication>
      </application-policy>

        • 1. resource (/j_security_check) is not available.
          Scott Stark Master


          • 2. Re: resource (/j_security_check) is not available.
            Greg Lloyd Newbie

             

            "scott.stark@jboss.org" wrote:
            The error indicates you are posting to j_security_check outside of a form authentication attempt. This is not a generally usable url.

            For the jaas configuration issues read the JAAS howto.


            I had been using version 3.2.4 and upgraded to 3.2.5, used the exact same configuration, and that specific error no longer happens.

            I have posted my configuration, so instead of telling me what the error indicates it would have been better to tell me how it is that my configuration makes that happen, if it does in fact have something to do with my configuration and not indeterminate behavior on the part of the app server. I request a protected page, my request was forwarded to the page set up in the web.xml as the form-login-page, the form posts to the j_security_check just as the how-to describes, and that error occurred. This sequence of events doesn't differ from anything in the documentation, other than the error. I have read the howto and checked it against my configuration more than 20 times; I don't need to be told to look at the howto. I am sure that you get many questions that seem to indicate that people aren't doing their homework, but automatically disregarding people's problems by telling them to read a howto that sucks by any standards is not only aggravating, it is insulting. In the future you may just ignore my post forever rather than waiting a week to give some pathetic reply that indicates you are less interested in helping me with my problem than you are with making yourself feel smart. Thanks a lot for all the help.

            • 3. Re: resource (/j_security_check) is not available.
              Scott Stark Master

              The configuration you posted is irrelevant; as I said, the problem is in how the form is interacting with the server. Good luck on resolving this.
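
A simplified model of the FORM login sequence, showing the condition named in the quoted reply: a POST to j_security_check with no login attempt in progress for that session. This is an added example, not JBoss or Tomcat code and not part of the thread; the paths come from the posted web.xml, while the class, method names and credentials are constructed, and a real container's handling differs in detail.

```python
# Simplified model of servlet FORM authentication (added example, not
# JBoss/Tomcat source). Paths come from the posted web.xml; the user
# store and the class/method names are constructed for illustration.
from fnmatch import fnmatchcase

PROTECTED = ["*.gato", "/site/*", "/index.jsp"]   # url-patterns in web.xml
LOGIN_PAGE, ERROR_PAGE = "/Welcome.jsp", "/Error.jsp"
USERS = {"alice": "s3cret"}                       # constructed credentials


class FormAuthModel:
    def __init__(self):
        # session id -> {"saved": original path, "user": principal name}
        self.sessions = {}

    def get(self, sid, path):
        """GET a resource; a protected one starts a login attempt."""
        s = self.sessions.setdefault(sid, {})
        protected = any(fnmatchcase(path, p) for p in PROTECTED)
        if protected and "user" not in s:
            s["saved"] = path          # remember where the user was going
            return ("forward", LOGIN_PAGE)
        return ("ok", path)

    def post_j_security_check(self, sid, username, password):
        """POST /j_security_check; meaningful only inside a login attempt."""
        s = self.sessions.setdefault(sid, {})
        if "saved" not in s:
            # No protected request was intercepted for this session, so
            # there is no original request to resume: the case the reply
            # describes as posting "outside of a form authentication attempt".
            return ("error", "resource (/j_security_check) is not available")
        if USERS.get(username) != password:
            return ("forward", ERROR_PAGE)
        s["user"] = username
        return ("redirect", s.pop("saved"))
```

Opening /Welcome.jsp directly (a bookmark, the back button, or a session that expired while the form was displayed) and submitting it takes the error branch, while arriving at the same form by requesting a protected URL takes the redirect branch.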