tomcat jdbc域 - j_security不重定向

时间:2014-06-27 12:23:46

标签: java tomcat 

<Realm className="org.apache.catalina.realm.JDBCRealm"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost/db"
       connectionName="user"
       connectionPassword="password"
       allRolesMode="authOnly"
       digest="SHA" 
       userTable="app" 
       userNameCol="login" 
       userCredCol="login"
       userRoleTable="login" 
       roleNameCol="group"/>  

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>realm</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

<form action="j_security_check" method="POST">
<tr>username:<td><input type="text"     name="j_username" style="width:100px;"></td></tr>
<tr> password:<td><input type="text"     name="j_ password " style="width:100px;"></td></tr>
<tr>< input type="submit"   name="btnLogin" value="login"></td></tr>
</form>

部署后,我收到HTTP状态400 - 对表单登录页面的无效直接引用

这是浏览器控制台输出.. 

Remote Address:::1:8080
Request URL:http://devserver:8080/testapp/j_security_check
Request Method:POST
Status Code:400 Bad Request
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,ta;q=0.6
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:53
Content-Type:application/x-www-form-urlencoded
Cookie:JSESSIONID=BE7C932856A7794D9C780531A29FB25F
Host:localhost:8080
Origin:http://devserver:8080
Referer:http://devserver:8080/testapp/timeout.jsp
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Form Dataview sourceview URL encoded
j_username:testuser
j_password:testuser
btnLogin:login
Response Headersview source
Connection:close
Content-Length:1054
Content-Type:text/html;charset=utf-8
Date:Fri, 27 Jun 2014 12:13:00 GMT
Server:Apache-Coyote/1.1

另外我启用了log for realm,j_security_check在成功登录后没有重定向

Jun 27, 2014 5:42:49 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Not subject to any constraint
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Security checking request POST /testapp/j_security_check
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Authenticating username 'testuser'
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Authentication of 'testuser' was successful
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.FormAuthenticator authenticate
FINE: Redirecting to original 'null'
Jun 27, 2014 5:43:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE:  Failed authenticate() test ??/ testapp/j_security_check

1 个答案:

答案 0 :(得分:1)

tomcat中的身份验证通过挑战来运行。如果您尝试访问受保护的资源,Tomcat会将您重定向到登录页面。经过身份验证后,它将重定向到请求的初始页面。 如果直接访问登录页面,则没有初始请求,因此出现错误: HTTP Status 400 - Invalid direct reference to form login page

在您的情况下,要么首先尝试访问受保护资源,要么将landingPage属性添加到验证器以获得所需内容(see the documentation

编辑:landingPage属性仅在Tomcat7之后可用。

例如,在context.xml文件中:

<Context>
<Valve className="org.apache.catalina.authenticator.FormAuthenticator" landingPage="connected.jsp"/>
<Realm className="org.apache.catalina.realm.JDBCRealm"
   driverName="com.mysql.jdbc.Driver"
   connectionURL="jdbc:mysql://localhost/db"
   connectionName="user"
   connectionPassword="password"
   allRolesMode="authOnly"
   digest="SHA" 
   userTable="app" 
   userNameCol="login" 
   userCredCol="login"
   userRoleTable="login" 
   roleNameCol="group"/>
</Context>
相关问题
最新问题