0

I've try to done a assignment at school. But, I'm facing problem.

j_security_check alway return fail. I've try to google many document. but it couldn't solve this.

Anyone has some idea? And how to redirect new page after login, now i can see i could response only a text.

maybe i wrong at <realm-name>UserDatabase</realm-name>, but i dont know how to change it.

Thanks for your reading,.

Login.html file:

<form id="login" method="post" action="j_security_check" >
        <input name="j_username" type="text" value="123">
        <input name="j_password" type="text" value="123">
        <input type="submit" value="Login" />
    </form>

LoginType.java

 protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    //        processRequest(request, response);
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    try {
        out.println("Success");
    } finally {
        out.close();
    }
}

web.xml file:

<servlet>
    <servlet-name>Logintype</servlet-name>
    <servlet-class>Logintype</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Logintype</servlet-name>
    <url-pattern>/Logintype</url-pattern>
</servlet-mapping>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Vaadin application</web-resource-name>
        <url-pattern>/Logintype</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>users</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>UserDatabase</realm-name>
    <form-login-config>
        <form-login-page>/Login.html</form-login-page>
        <form-error-page>/Fail.html</form-error-page>
    </form-login-config>
</login-config>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

tomcat-user.xml file:

<tomcat-users>
<role rolename="tomcat"/>
 <role rolename="role1"/>
 <role rolename="users"/>
 <user username="123" password="123" roles="users"/>
 <user username="tomcat" password="tomcat" roles="tomcat"/>
 <user username="both" password="tomcat" roles="tomcat,role1"/>
 <user username="role1" password="tomcat" roles="role1"/>
  </tomcat-users>

server.xml 

  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase"/>
  </Realm>
jmail
  • 5,944
  • 3
  • 21
  • 35
Kevin Huynh
  • 39
  • 1
  • 1
  • 8
  • 1
    Where is the configuration of spring-security? Are you mixing / confusing tomcat based basic auth with spring security? That will not work. – Dirk Lachowski Mar 04 '14 at 08:08
  • You have to attempt to hit a protected resource *first*, then you'll get the login page. The servlet-spec does not account for drive-by logins where the user hits the login page directly. – Christopher Schultz Mar 04 '14 at 15:04
  • Sorry but i dont know what i do exactly now @DirkLachowski i dont use any framework, so where can i see that file? i create project java web application, and dont choice any framework. – Kevin Huynh Mar 04 '14 at 15:11
  • If you are not using a framework then 'j_security_check' is the wrong way. You can find information about tomcat basic auth here: http://stackoverflow.com/q/2014619/1686330 and here: http://www.tomcatexpert.com/ask-the-experts/basic-auth-configuration-tomcat-7-https – Dirk Lachowski Mar 04 '14 at 15:29
  • Hi,I found the error. Because i install tomcat first, and when install netbean i have another but the same version. So i must use tomcat-user in netbean file. Thanks for your answer :) – Kevin Huynh Mar 05 '14 at 08:57

0 Answers0