I have a web app which runs in Apache Tomcat, and I have used “j_security_check” to protect this application. My code is as follows:
login.jsp
<div id="loginForm">
<form id="loginfrm" method="post" action="j_security_check">
<table>
<tr>
<td>User Name</td>
<td><input type="text" id="name" name="j_username" size="20" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" id="phone" name="j_password" size="20" /></td>
</tr>
<tr>
<td></td>
<td align="right"><input type="submit" value="Login" id="submitButton"></td>
</tr>
</table>
</form>
</div>
web.xml
<web-app ...>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/success.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
Error page,
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Login ERROR!</h1>
</body>
</html>
Success page
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Login Success</h1>
</body>
</html>
Here, when I give a wrong username and a wrong password, the error page is shown successfully, but when I give the correct password and username it shows:
HTTP Status 400 - Invalid direct reference to form login page
type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
Apache Tomcat/7.0.22
Could anyone please tell me where I am wrong?
The line:
in web.xml should actually be:
This tells Tomcat that whenever you reach a protected page the login form is located in login.jsp. What is missing is the definition of the protected pages that actually need authentication to be seen:
And the definition of the realm, which is your repository for username / password pairs (Tomcat realm).
With these changes when you hit http://localhost:8080/succes.jsp you should be redirected to the login page, and upon a valid set of credentials be sent to /success.jsp and with a bad set of credentials to /error.jsp.
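The configuration this answer describes, written out as an added example (not the answerer's own snippets, which did not survive on this page). The role name `user`, the protected URL pattern, the sample account and the use of Tomcat's default `conf/tomcat-users.xml` realm are assumptions.

```xml
<!-- WEB-INF/web.xml (added example) -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Pages that require authentication. Without a security-constraint
       nothing is protected, so the container never starts a form login. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>/success.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Form-Based Authentication Area</realm-name>
    <form-login-config>
      <!-- The question had /success.jsp here; this must be the page
           that contains the j_security_check form. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint is declared here. -->
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>

<!-- conf/tomcat-users.xml: the realm holding username/password pairs.
     Constructed sample account; replace the placeholder password. -->
<tomcat-users>
  <role rolename="user"/>
  <user username="alice" password="CHANGE_ME" roles="user"/>
</tomcat-users>
```

With this in place, request the protected page rather than `login.jsp` itself: Tomcat forwards to the login form, and after a successful `j_security_check` it returns you to the page you originally asked for. Posting the form when no protected request was saved is what yields the "Invalid direct reference to form login page" response shown in the question.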