0

I use jetty FormAuthenticator to validate the login data like this

FormAuthenticator authenticator = new FormAuthenticator("login",  "login", false);

In the login form, I have

<form method='POST' action='app/j_security_check'>
</form>

The problem is when I run the tests, if I type this url 

localhost:8080/app/j_security_check

I get an 500 error. All the other incorrect url cases can be re-directed except this one. Is there any way to handle this? I tried with filter and it does not work. Thanks

CMZS
  • 601
  • 6
  • 21
  • Error 500 is usually a server error, an exception. Figure out the exception and you'll probably have an answer. – Joakim Erdfelt Mar 23 '17 at 19:58
  • I need to have some logic to handle the case that url is "localhost:8080/app/j_security_check". Jetty takes this url and does the authentication as normal which causes NPE as no username is provided. The normal case is user inputs username/password on the form and clicks Login button. Here I type the url directly and got the error. How can I handle this? – CMZS Mar 23 '17 at 20:30
  • `j_security_check` is not part of Jetty, nothing in Jetty itself is doing anything special with a URL with that path. Something in your app is configured to respond to `j_security_check`, that component needs to be investigated. – Joakim Erdfelt Mar 23 '17 at 20:45
  • Look at source code of org.eclipse.jetty.security.authentication.FormAuthenticator. There is a method validateRequest(...). It uses a method isJSecurityCheck(), which checks whether the path is "__J_SECURITY_CHECK". This is a constant value equals to "j_security_check". FormAuthenticator handles "j_security_check" in method validateReqeust(). I read the code several times but not able to find out how it handles the case when "/j_security_check" is from a http get. – CMZS Mar 23 '17 at 21:25
  • Well it's not about http get or post. It's about request.getParameter("j_username"): it returns null when there is no username, and the null value finally causes NPE. I think this is not doable. Thanks for the comments anyway. – CMZS Mar 24 '17 at 01:52

0 Answers0