4 Replies Latest reply on Oct 18, 2006 8:25 AM by a shankaran

    from login.jsp -->HTTP Status 400 - Invalid direct reference

    a shankaran Newbie

      Hi all,

      I want to know how to forward to next page after the j_security_check , in case if i invoke login page directly.

      My problem is:
      My web app work fine for following steps:
      1)hitting the url in IE : http://localhost:8080/Myapp
      2) login.jsp page shown then i entered valid username,pwd then click submit button, "jsecuritycheck" execute then redirect to correct page and every think work fine.

      but in special case :ie)
      1) I type the url in IE: http://localhost:8080/Myapp/login.jsp -- i shown login.jsp i entered valid username,pwd then i click submit button i got following error :

      HTTP Status 400 - Invalid direct reference to form login page
      The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


      So i wnat to know how to redirect the page after execution of "j security check". is possible?

      my app is j2ee+jboss+jaas under form auth.

      My web.xml is :

      <web-app >

      <welcome-file-list>
      <welcome-file>welcome.jsp</welcome-file>
      </welcome-file-list>

      <security-constraint>
      <display-name>global access</display-name>
      <web-resource-collection>
      <web-resource-name>everyone</web-resource-name>
      <url-pattern>/welcome.jsp</url-pattern>
      <url-pattern>/login.jsp</url-pattern>
      <url-pattern>/loginErr.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>sample1</role-name>
      <role-name>myGroup</role-name>
      <role-name>myAdminGroup</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <security-constraint>
      <display-name>movies list</display-name>
      <web-resource-collection>
      <web-resource-name>MoviesMaint</web-resource-name>
      <url-pattern>/movies/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>sample2</role-name>
      </auth-constraint>
      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>
      <security-constraint>

      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MoviesRealm</realm-name>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginErr.jsp</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <role-name>sample1</role-name>
      </security-role>
      <security-role>
      <role-name>sample2</role-name>
      </security-role>

      </web-app>

      -------------------------------------------------------------------------------

      from login.jsp url i didn't get login this is my problem, please any one give suggesstion to solve this.
      Thanks In Advance,
      Shankaran.

        • 1. Re: from login.jsp -->HTTP Status 400 - Invalid direct refer
          jaikiran pai Master

          You are not supposed to directly access the page that you specified as your login page in the web.xml(in this case login.jsp). This login page is a special page to which the user will be redirected when he tries to access a secure resource and he isnt logged in yet. In your case, you are not supposed to directly use the http://localhost:8080/Myapp/login.jsp.



          • 2. Re: from login.jsp -->HTTP Status 400 - Invalid direct refer
            a shankaran Newbie

            thanks jaikiran..thanks a lot.
            there is no more way to signin to the app from login.jsp directly?
            because most of them store and use the url link as "Favorites" in their IE.
            so what is the solution to this problem?
            now i modified my login page : ie)
            in my login page contain 3 hyperlink.
            1) Movies -- (movielogin.jsp)
            2) Radios -- (radiologin.jsp)
            3) Internet-- (internetlogin.jsp)

            here are the same problem. ie)
            1)i run the app in IE : http://localhost:8080/myapp/
            2) i seen 3 links then i click the "Radios" link the url in IE is:

            http://localhost:8080/myapp/radiologin.jsp
            3) now i give valid input entire site is work fine.
            BUT...
            i am directly(because user may set this link as bookmark and use for login) go to the "http://localhost:8080/myapp/radiologin.jsp" link then give valid input it give same error :

            The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

            could you please give the suggesstion to overcome this problem because i sicky with this one past 2 week so my production getting late.

            I am new with this J2ee application especially login configuration so could you please instruct me clearly to solve this.

            i am willing to change myapp if this direct url is not possible could you plz tell some other method for login.
            My main think is to avail direct url access for my app.

            Thanks,
            Shankaran.a


            • 3. Re: from login.jsp -->HTTP Status 400 - Invalid direct refer
              jaikiran pai Master

              Here's what you could do:

              - Create a page(lets say index.jsp) and mention this as the welcome page in the web.xml.
              - Also make the index.jsp a restricted resource.
              - This index.jsp will contain all the links (Movies, Radios etc...)
              - Additionally have a login.jsp which will contain only the username and password fields.
              - Let the user access the application using the URL - http://localhost:8080/myapp or http://localhost:8080/myapp/index.jsp
              - If the user is not yet logged in, he will be redirected to login.jsp, which on successfull login will forward him to the index.jsp containing the links. He can then bookmark this index.jsp URL.

              • 4. Re: from login.jsp -->HTTP Status 400 - Invalid direct refer
                a shankaran Newbie

                jaikiran thanks for quick reply...

                yeah thats correct.i am doing exactly you said.
                my app work fine when i execute "http://localhost:8080/Myapp".
                when i login using the url "http://localhost:8080/Myapp/login.jsp"
                only i got the error.
                HTTP Status 400 - Invalid direct reference to form login page

                "http://localhost:8080/Myapp/login.jsp"-- after hitting this url, i see login page then i give valid username and password then click submit then only i got above error.
                but when i given wrong username and pwd i got error msg "user name pwd wrong".
                so only when i give valid username and pwd then only i got error,
                from this "j_security_check" working properly so i had done the mistake in
                configuring jsp page(security constrint) in web.xml.

                1)i have welcom.jsp as welcomefile and restricted.
                <welcome-file-list>
                <welcome-file>welcome.jsp</welcome-file>
                </welcome-file-list>

                <security-constraint>
                <display-name>global access</display-name>
                <web-resource-collection>
                <web-resource-name>everyone</web-resource-name>
                <url-pattern>/welcome.jsp</url-pattern>
                <url-pattern>/login.jsp</url-pattern>
                <url-pattern>/loginErr.jsp</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                </web-resource-collection>
                <auth-constraint>
                <role-name>sample1</role-name>
                </auth-constraint>
                <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
                </security-constraint>

                2) then i have the login.jsp for login.(i mentioned this login.jsp in above security constraint.is it correct?

                <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>MoviesRealm</realm-name>
                <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/loginErr.jsp</form-error-page>
                </form-login-config>
                </login-config>

                i put my full web.xml file IN FIRST forum. what wrong with this? could you plz help. is "j_uri" fix this problem? .
                Thanks,
                shankaran.