Where can I find "j_security_check"?
Is there a standard location for "j_security_check" so that i can take a look at it?
A search of my computer does not find the file, just references to it. So either its hidden for security reasons or is it not a file?
I have been locked out of an Application and this is the first place im taking a look at for solutions.
Solution 1:
It's part of the Servlet API and implemented by the servletcontainer. In your case, it's implemented by Tomcat. More specifically, the org.apache.catalina.authenticator.FormAuthenticator
class.
227 // Is this the action request from the login page?
228 boolean loginAction =
229 requestURI.startsWith(contextPath) &&
230 requestURI.endsWith(Constants.FORM_ACTION);
231
232 // No -- Save this request and redirect to the form login page
233 if (!loginAction) {
234 session = request.getSessionInternal(true);
235 if (log.isDebugEnabled())
236 log.debug("Save request in session '" + session.getIdInternal() + "'");
237 try {
238 saveRequest(request, session);
239 } catch (IOException ioe) {
240 log.debug("Request body too big to save during authentication");
241 response.sendError(HttpServletResponse.SC_FORBIDDEN,
242 sm.getString("authenticator.requestBodyTooBig"));
243 return (false);
244 }
245 forwardToLoginPage(request, response, config);
246 return (false);
247 }
248
249 // Yes -- Validate the specified credentials and redirect
250 // to the error page if they are not correct
251 Realm realm = context.getRealm();
252 if (characterEncoding != null) {
253 request.setCharacterEncoding(characterEncoding);
254 }
255 String username = request.getParameter(Constants.FORM_USERNAME);
256 String password = request.getParameter(Constants.FORM_PASSWORD);
257 if (log.isDebugEnabled())
258 log.debug("Authenticating username '" + username + "'");
259 principal = realm.authenticate(username, password);
260 if (principal == null) {
261 forwardToErrorPage(request, response, config);
262 return (false);
263 }
The Constants.FORM_ACTION
is /j_security_check
.
As to your concrete problem of being locked out, just make sure that you supply the proper username and password. The user database is normally configured by a realm.
Solution 2:
This is not a file, this is an alias for container based authentification:
http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html