struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddie Bush <>
Subject Re: Logout in a container-managed security environment -- Follow-up
Date Wed, 25 Sep 2002 15:02:57 GMT

I don't remember the solution to this.  The guys on tomcat-user will 
probably tell you to search the archive.  The issue that arises (using 
Apache/TC) is that you have to map things you want the servlet container 
to be responsible for (unless you use mod_webapp; I do not recommend 
this approach - stick with jk).  Play around with adding a mapping for 
j_security_check.  When you figure it out, please post it here or 
directly to me :-)  I'll squirrel it off somewhere so I have it for 
reference the next time someone asks.

You might *try* looking through the TC docs before you start aimlessly 
trying different mappings.  I seem to recall Remmy changed the docs up a 
bit, and they looked much better - but I honestly do not recall if the 
solution to this problem is included nowadays.

Sorry I wasn't more help.

Charles McClain wrote:

>I received several replies to my original question, all of which
>indicated that, in order to do a forceful logout, I needed to use
>FORM-based CMA rather than BASIC.  One of the replies recommended an
>article on the topic, which I downloaded and read.
>I implemented FORM-based authentication, making the changes to my
>web.xml, indicating the login form and error page, etc.  The container
>(Tomcat 4.0) seems to know that I want FORM-based authentication, since
>it pops up my login page.  I did, by the way, include the fields
>j_username and j_password, and my form action is j_security_check, as
>per the instructions.
>However, when I press the submit button, my browser gives me a 404
>not-found error on the (nonexistent, of course) page j_security_check.
>I've checked the Apache and Tomcat logs, and one of the Tomcat logs
>tells me that it has "Configured an authenticator for method FORM", but
>it still seems to be looking for a page by that name rather than
>invoking the method.
>Anyone have any ideas?
>Charles McClain
>Phone:  603.659.2046

Eddie Bush

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message