Where can I find "j_security

Is there a standard location for "j_security_check" so that i can take a look at it?

A search of my computer does not find the file, just references to it. So either its hidden for security reasons or is it not a file?

I have been locked out of an Application and this is the first place im taking a look at for solutions.

What is J_security_check in Java?

Using j_security_check in JavaServer Faces Forms As described in Form-Based Authentication, Java EE security defines the j_security_check action for login forms. This allows the web container to authenticate users from many different web application resources.

How j_ security_ check works?

When the container sees the "j_security_check" action, it uses some internal mechanism to authenticate the caller. If the login succeeds and the caller is authorized to access the secured resource, then the container uses a session-id to identify a login session for the caller from that point on.

It's part of the Servlet API and implemented by the servletcontainer. In your case, it's implemented by Tomcat. More specifically, the org.apache.catalina.authenticator.FormAuthenticator class.

227        // Is this the action request from the login page?
228        boolean loginAction =
229            requestURI.startsWith(contextPath) &&
230            requestURI.endsWith(Constants.FORM_ACTION);
231
232        // No -- Save this request and redirect to the form login page
233        if (!loginAction) {
234            session = request.getSessionInternal(true);
235            if (log.isDebugEnabled())
236                log.debug("Save request in session '" + session.getIdInternal() + "'");
237            try {
238                saveRequest(request, session);
239            } catch (IOException ioe) {
240                log.debug("Request body too big to save during authentication");
241                response.sendError(HttpServletResponse.SC_FORBIDDEN,
242                        sm.getString("authenticator.requestBodyTooBig"));
243                return (false);
244            }
245            forwardToLoginPage(request, response, config);
246            return (false);
247        }
248
249        // Yes -- Validate the specified credentials and redirect
250        // to the error page if they are not correct
251        Realm realm = context.getRealm();
252        if (characterEncoding != null) {
253            request.setCharacterEncoding(characterEncoding);
254        }
255        String username = request.getParameter(Constants.FORM_USERNAME);
256        String password = request.getParameter(Constants.FORM_PASSWORD);
257        if (log.isDebugEnabled())
258            log.debug("Authenticating username '" + username + "'");
259        principal = realm.authenticate(username, password);
260        if (principal == null) {
261            forwardToErrorPage(request, response, config);
262            return (false);
263        }

The Constants.FORM_ACTION is /j_security_check.

As to your concrete problem of being locked out, just make sure that you supply the proper username and password. The user database is normally configured by a realm.

This is not a file, this is an alias for container based authentification:

http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html

Where can I find "j_security_check"?

Tags:

java

jsp

servlets

tomcat

Deepend

People also ask

2 Answers

BalusC

Emmanuel Bourg

Recent Activity

Donate For Us