Howdy.

I've just spent two hours Googling, Yahooing, and searching the Tomcat list
for a fix for this problem:

PROBLEM (with steps leading to)

I attempt to access a private page (myview.jsp)
Tomcat 5.5 properly sends me to login.jsp
I enter my username/password, submit, and my JNDIRealm LDAP lookup is made
I get the error page:
  HTTP Status 400 - Invalid direct reference to form login page

This is a pretty simple case.  Everything I've seen on forums related to
this problem focuses on the idea that the user has directly requested the
login page.  I absolutely haven't done that.

I've tried adding some stuff to the top of the login.jsp (as per a
suggestion on one of the Sun forums) to send the request elsewhere if the
session exists.  I've explored a lot of things, but it still makes no sense
to me.

My best guess is that there's something wrong with my Realm definition in
server.xml, or in my security stuff in web.xml.  So for reference, here are
the interesting bits of each:

----- server.xml ----
        <Context path="/ui2"
             docBase="C:\work\ui2"
             privileged="true"
             reloadable="true"
             cookies="true"
             debug="true">
          <Realm className          = "org.apache.catalina.realm.JNDIRealm"
                 debug              = "99"
                 connectionURL      = "ldap://192.168.223.129:3268"
                 connectionName     = "vm2003\ldapqueryuser"
                 connectionPassword = "supersecret"
                 referrals          = "follow"
                 userBase           = "dc=vm2003,dc=local"
                 userSearch         = "(sAMAccountName={0})"
                 userSubtree        = "true"
                 digest             = "MD5"
                 roleBase           = "dc=vm2003,dc=local"
                 roleName           = "cn"
                 roleSubtree        = "true"
                 roleSearch         = "(member={0})"
            /> <!-- end of realm -->

         ...
      </Context> <!-- end of context -->

----- web.xml ----

...
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ui2users</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-failure.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>ui2users</role-name>
    </security-role>

 ...

__________________

I've spent time in books on safari.oreilly, reading countless tutorials and
docs online, and I'm at a dead end.

I surely hope someone sees where I've made a mistake.

Thanks,
Michael
