Search code examples
securityjsfjsf-2jbossjaas

j_security_check invalid direct reference

I currently have a login form on a public, unprotected http page. Upon login I want the page to redirect to a secure https page. I am receiving this error screen when I try to login however:

HTTP 400

I'm 90% sure my syntax is accurate. I have this exact form as a login page elsewhere on the site. This implementation is for a drop down box that enables the user to login. Here is my form for reference. Any help is appreciated, Thanks.

<div class="login-options">
    <form id="login" name="j_security_form" action="<%out.write(Dropdown.getXML("https://www.xxx.com/public/j_security_check")); %>" method="post" accept-charset="UTF-8">
        <strong>Account Login</strong><br>
            Username:<br>
                <input type="text" name="j_username"><br>
            Password:<br>
                <input type="password" name="j_password"><br>
            <br>
                <input type="submit" value="Login"><br>
            <br>
                New users <a href="../xxx/user_registration.jsp">register here</a><br>
                <a href="../xxx/forgot_password.jsp">Forgot password?</a>
                <input type="hidden" name="auth_mode" value="basic">        
            <script>
            var newloc = document.location.href;
            newloc =newloc.replace('index.jsp','index.jsp');
            document.write('<input type="hidden" name="orig_url" value="'+newloc+'">');
            </script>
    </form>
</div>
Solution

  • Might be because you're trying to directly reference the url for j_security_check. I would try referencing a page that requires login creds, then it'll redirect to the secure page once it sees that there are adequate credentials.