Menu
Is there a standard location for "j_security_check" so that i can take a look at it?
A search of my computer does not find the file, just references to it. So either its hidden for security reasons or is it not a file?
I have been locked out of an Application and this is the first place im taking a look at for solutions.
671
Using j_security_check in JavaServer Faces Forms As described in Form-Based Authentication, Java EE security defines the j_security_check action for login forms. This allows the web container to authenticate users from many different web application resources.
When the container sees the "j_security_check" action, it uses some internal mechanism to authenticate the caller. If the login succeeds and the caller is authorized to access the secured resource, then the container uses a session-id to identify a login session for the caller from that point on.
It's part of the Servlet API and implemented by the servletcontainer. In your case, it's implemented by Tomcat. More specifically, the org.apache.catalina.authenticator.FormAuthenticator class.
227 // Is this the action request from the login page?
228 boolean loginAction =
229 requestURI.startsWith(contextPath) &&
230 requestURI.endsWith(Constants.FORM_ACTION);
231
232 // No -- Save this request and redirect to the form login page
233 if (!loginAction) {
234 session = request.getSessionInternal(true);
235 if (log.isDebugEnabled())
236 log.debug("Save request in session '" + session.getIdInternal() + "'");
237 try {
238 saveRequest(request, session);
239 } catch (IOException ioe) {
240 log.debug("Request body too big to save during authentication");
241 response.sendError(HttpServletResponse.SC_FORBIDDEN,
242 sm.getString("authenticator.requestBodyTooBig"));
243 return (false);
244 }
245 forwardToLoginPage(request, response, config);
246 return (false);
247 }
248
249 // Yes -- Validate the specified credentials and redirect
250 // to the error page if they are not correct
251 Realm realm = context.getRealm();
252 if (characterEncoding != null) {
253 request.setCharacterEncoding(characterEncoding);
254 }
255 String username = request.getParameter(Constants.FORM_USERNAME);
256 String password = request.getParameter(Constants.FORM_PASSWORD);
257 if (log.isDebugEnabled())
258 log.debug("Authenticating username '" + username + "'");
259 principal = realm.authenticate(username, password);
260 if (principal == null) {
261 forwardToErrorPage(request, response, config);
262 return (false);
263 }
The Constants.FORM_ACTION is /j_security_check.
As to your concrete problem of being locked out, just make sure that you supply the proper username and password. The user database is normally configured by a realm.
107
This is not a file, this is an alias for container based authentification:
http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
