[jboss-user] [Security & JAAS/JBoss] - Re: from login.jsp -->HTTP Status 400 - Invalid direct refer

shankaran do-not-reply at jboss.com
Wed Oct 18 08:25:12 EDT 2006 

jaikiran thanks for quick reply...

yeah thats correct.i am doing exactly you said.
my app work fine when i execute "http://localhost:8080/Myapp".
when i login using the url "http://localhost:8080/Myapp/login.jsp"
only i got the error.
HTTP Status 400 - Invalid direct reference to form login page

"http://localhost:8080/Myapp/login.jsp"-- after hitting this url, i see login page then i give valid username and password then click submit then only i got above error.
but when i given wrong username and pwd i got error msg "user name pwd wrong".
so only when i give valid username and pwd then only i got error,
from this "j_security_check" working properly so i had done the mistake in 
configuring jsp page(security constrint) in web.xml.

1)i have welcom.jsp as welcomefile and restricted.
  <welcome-file-list>
   <welcome-file>welcome.jsp</welcome-file>
 </welcome-file-list>
  
   <security-constraint>
    <display-name>global access</display-name>
    <web-resource-collection>
      <web-resource-name>everyone</web-resource-name>
      <url-pattern>/welcome.jsp</url-pattern>
      <url-pattern>/login.jsp</url-pattern>
      <url-pattern>/loginErr.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>sample1</role-name>
      </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

2) then i have the login.jsp for login.(i mentioned this login.jsp in above security constraint.is it correct?

 <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>MoviesRealm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginErr.jsp</form-error-page>
    </form-login-config>
  </login-config>

i put my full web.xml file IN FIRST forum. what wrong with this? could you plz help. is "j_uri" fix this problem? .
Thanks,
shankaran. 


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3979056#3979056

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3979056

More information about the jboss-user mailing list