9 Replies Latest reply on Jan 9, 2004 11:31 AM by darrinps

    HTTP Status 404 - /bank/j_security_check error when logging

    darrinps Newbie


      "darrinps" wrote:
      When I try to log on after adding the security checking I get an HTTP Status 404 - /bank/j_security_check error.

      The description says that the requested resource (/bank/j_security_check) is not available.

      Now the tutorial said to modify the jboss-web.xml and the jboss.xml files found in the dd directory. I found the jboss-web.xml file, but there is no jboss.xml file in the dd directory (or anywhere else I can find).

      Going through the jboss-build.xml script, I see that the tx-jboss.xml file gets copied over to the build directory as the jboss.xml file. So I added the security-domain element to the tx-jboss.xml and verified that it gets copied over when the package-ejb target gets run.

      The jboss.xml file in the build directory starts out like this:


      And the jboss-web.xml file also in the build directory starts out like this:

      The login-config.xml has the following in it:
      <application-policy name="dukesbank">
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

      My users.properties file has the following:
      # username=password

      My roles.properties file has this:
      # username=role1,role2,role3

      So in short, I THINK everything is set up correctly then I redo everything (pacakge and deploy) but I get that error.

      What have I done wrong?


        • 1. Re: Help please: The Duke's Bank example does not build.
          darrinps Newbie


          "darrinps" wrote:
          "darrinps" wrote:
          Here is what I get when I try to build:

          C:\Sun\j2eetutorial14\examples\bank>ant -f jboss-build.xml compile
          Buildfile: jboss-build.xml


          [javac] Compiling 54 source files to C:\Sun\j2eetutorial14\examples\bank\build

          BUILD FAILED
          file:C:/Sun/j2eetutorial14/examples/bank/jboss-build.xml:49: C:\Sun\j2eetutorial14\examples\bank\${jboss.home}\client not found.

          OK, so it looks like it is trying to find the client directory inside the tutorial instead of under the JBoss home directory.

          Here is what my directory structure looks like:

          ------client <--seems to be looking for this
          ------------------build.properties <-- See note below for contents
          ------------------jboss-build.xml <-- I copied this to here from jbossj2ee

          My build.properties file has the following in it:

          So is there a step that is missing in the tutorial about changing the jboss-build.xml file or did I do something wrong?


          • 2. Re: Missing files in jbossj2ee-src.zip
            darrinps Newbie


            "Ange" wrote:
            "Ange" wrote:
            Ok, Thanks luke_t for your comment.

            I think I had downloaded the wrong tutorial version.
            I was using j2ee-1_4-dr-doc-tutorial.zip instead of
            j2ee-1_3-doc-tutorial-draft5.zip, where these files
            (account-ejb.xml, customer-ejb.xml and tx-ejb.xml)
            are actually included !

            Reading more carefully the last comment from
            darrinps would have helped too.

            Thank you all.

            • 3. Re: HTTP Status 404 - /bank/j_security_check error when logg
              darrinps Newbie


              "darrinps" wrote:
              Still no luck. I've looked over everything I can think of and it all looks correct to me. I searched the net and it looks like this was a common problem a while back that is supposed to have been fixed in Tomcat in that a directory structure was changed and the wildcard (*) wasn't working right.

              Does anyone know what, if anything I could have done to bring it back (modifed a specific file the wrong way)?


              • 4. Re: HTTP Status 404 - /bank/j_security_check error when logg


                "luke_t" wrote:
                It should probably be cleared up in the guide that there are several jboss.xml files - one for each ejb jar, and as you say they are each named differently in the dd directory (for obvious reasons) and copied to the build directory as needed. It seems that the jboss-web.xml already has the security-domain element commented out. The EJB ones won't affect your login.

                The login error looks like it may be a due to a repeated login attempt:


                Make sure you start a new browser session.


                P.S. Google should probably be your first stop for this kind of thing - a search on "j_security_check not available" would have led you to that info pretty fast.

                • 5. Re: HTTP Status 404 - /bank/j_security_check error when logg
                  darrinps Newbie


                  "darrinps" wrote:
                  Thank you for responding, but that is not the problem.

                  I get the problem on the FIRST logon attempt, not going back to the page after an unsuccessful one.

                  I saw that when I did a Google search as well, but that isn't the case for me. Also note that when you reproduce it that way, you get a 400, not a 404 error. The same message for both though I think.

                  Oh, and I've reloaded, stops and restarted, redeployed, etc. etc. time and again....no help.

                  Do you have any other ideas on wht this might be?

                  Has anyone else gotten the security part of the turotial to work?

                  I'd be happy to post any files or E-mail things if anyone wants them. There must be something I'm doing wrong.


                  • 6. Re: HTTP Status 404 - /bank/j_security_check error when logg
                    darrinps Newbie


                    "darrinps" wrote:
                    As another clue or two:

                    It worked as expected before the security part was added and I could view account, transfer funds, etc.

                    If you first enter a wrong user name or password, then it does go to the correct page (Loring Error).

                    If from the Login Error page you hit Logon again (localhost:8080/bank/logon), then enter in the correct user name and password it gives you a 400, not a 404, BUT once you have the 404 it will always then give you a 404 which is I think why a browser refresh was suggested.

                    • 7. Re: HTTP Status 404 - /bank/j_security_check error when logg
                      darrinps Newbie


                      "darrinps" wrote:
                      Well I backed out all of the security markers stopped and started JBoss, and now I'm getting a HTTP Status 400 - Invalid direct reference to form login page when I try the logon (different error).

                      Any thoughts?

                      Has anyone gotten the tutorial to work?


                      • 8. Re: HTTP Status 404 - /bank/j_security_check error when logg


                        "luke_t" wrote:
                        You will find lots of discussion on this issue with Tomcat - it usually means you have browsed directly to the login page.


                        • 9. Re: HTTP Status 404 - /bank/j_security_check error when logg


                          "luke_t" wrote:
                          I notice (as you said) that the logon error page *contains* a direct link to the logon URL, so it's not surprising that it causes this problem in Tomcat. The general opinion is that it the container should forward to the welcome page in this kind of situation, and perhaps this is what Sun's RI does. I think it has also been fixed in Tomcat 5, but it was never fixed in 4 because the developers claimed it wasn't part of the spec and gave the rather ludicrous argument that the users "should be trained not to do it". It's a real pain because you have no control over it and it's a problem that will always crop up in practice. There are various workaround hacks (setting tokens in the session and redirecting from the login page if the user is already logged in or if they have browsed directly to the page), setting a META-REDIRECT tag in the login page to prevent the user from trying to login after a session has timed out and so on.

                          But I wouldn't worry about it here - the tutorial code isn't exactly production quality.