4 Replies Latest reply on Oct 5, 2005 5:32 PM by Tia Haenni

    Problem with j_target_url

    Tia Haenni Newbie

      My app uses j_security_check, welcome page=login.html which posts to j_security_check and specifies the following:



      The problem is that if the user does not request index.jsp and just goes to the root of the application context or specifies login.html, the security check does not know where to send the user, so it tries to load a resource equal to the name of the jsession on the root context, such as:

      http://192.168.1.1:8080/;jsessionid=5u17fu4hknvhh

      and the 404 error is:

      HTTP ERROR: 404 %2F%3Bjsessionid%3D5u17fu4hknvhh+Not+Found
      RequestURI=/;jsessionid=5u17fu4hknvhh

      What I need is a way to configure where good login attempts should go by default (index.jsp), even when that target is not specified. I thought j_target_url would do this, but it does not seem to work as implemented.

      TIA

        • 1. Re: Problem with j_target_url
          Brian Stansberry Master

          Typically you don't define your login page as your welcome page -- make the welcome page index.jsp and login.html the login page:

          <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
          <form-login-page>/login.html</form-login-page>
          <form-error-page>/error.html</form-error-page>
          </form-login-config>
          </login-config>

          • 2. Re: Problem with j_target_url
            Tia Haenni Newbie

            Thank you, I actually tried this before. But it doesn't work because the first thing index.jsp does is:

            if (null != session)
            {
            String uname = request.getUserPrincipal().getName();
            ... more code
            }

            which throws a null pointer when I have index.jsp as the welcome page.

            • 3. Re: Problem with j_target_url
              Brian Stansberry Master

              Is index.jsp a secured resource? If so you shouldn't get to it until authentication is complete.

              • 4. Re: Problem with j_target_url
                Tia Haenni Newbie

                Yes it is, or at least I believe it is. That is what has me confused. Here is my web.xml

                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
                <web-app>
                <session-config>
                <session-timeout>480</session-timeout>
                </session-config>
                <welcome-file-list>
                <welcome-file>index.jsp</welcome-file>
                </welcome-file-list>
                <security-constraint>
                <display-name>UserSecurity</display-name>
                <web-resource-collection>
                <web-resource-name>TranscriptResource</web-resource-name>
                Accessible by authorized users
                <url-pattern>*.jsp</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                <role-name>User</role-name>
                </auth-constraint>
                <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
                </security-constraint>
                <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>UserRealm</realm-name>
                <form-login-config>
                <form-login-page>/login.html</form-login-page>
                <form-error-page>/login_error.html</form-error-page>
                </form-login-config>
                </login-config>
                <security-role>
                <role-name>User</role-name>
                </security-role>
                </web-app>