3 Replies Latest reply on Apr 29, 2012 12:17 AM by sfcoy

    j_security_check returning 400 error

    tuishimi

      I think this all began when our login process was changed because we use a CM for our home page (and various other pages).

       

      Basically what is happening is people are bookmarking our login page.  To get there you go through protected pages/actions (our login is loginBounce.do from the home page, for example).  The url rewrite filter checks for http/https and switches context, pushing to another page which loads the final action which simply displays the login form JSP.

       

      If you follow that process and log in, it works.  When users bookmark that final page/form and submit it we get a 400 error.

       

      My head is spinning looking through all the redirect xml files, login-config, rewrites, web... etc.  I have no idea what is going on here and what process it (JBOSS 4.x) is going through and how we end up with a BAD REQUEST error.  The login page itself is the standard j_username/j_password deal...

       

      It seems like (to me) that somewhere in all the filters something is being altered, lost, dropped ... I don't know.  But I am going crazy trying to figure it out.

       

      I guess what I want to know is what could cause j_security_check to return a 400 error?

       

      Thank you!

        • 1. Re: j_security_check returning 400 error
          tuishimi

          So I did more research... and the problem is that people should not go directly TO the login.jsp...  but when you use a protected page and get redirected to this action/page, how can you PREVENT people from bookmarking it right then and there?  That's what is happening... the login form comes up... people bookmark it.  All I can think to do is to have a link saying "bookmark this page" and actually have it bookmark a protected action... what do you think?

          • 2. Re: j_security_check returning 400 error
            tuishimi

            Or... is there a way to mask the actual URL so that you can trick the browser?  Ugh.  This is a little frustrating as apparently a lot of our customers are bookmarking the login page and then when they attempt to use it, login fails.

            • 3. Re: j_security_check returning 400 error
              sfcoy

              You can try adding this to your web.xml:

              {code:xml}

                  <error-page>

                      <error-code>400</error-code>

                      <location>/yourHomePageURL</location>

                  </error-page>{code}

               

              It may ask the user to login again (the behaviour varies between app-server vendors).