Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    j_security_check does not redirect status code 200 instead of 303

    I'm new with auth.

    On test environment (behind vpn) after click on the popup login, a POST is sent at the following url:

    https://local:5556/XYZ-Doc/j_security_check

    with status code 303 and location in response header such as:

    /XYZ-Doc/rest/datasourceservice/all?isc_dataFormat=json

    Please see the following screeshot for more details.

    Click image for larger version

Name:	Cattura.JPG
Views:	272
Size:	173.7 KB
ID:	269654

    I've duplicated the environment on virtual machine on my pc but, when I click on popup login,

    a POST is sent at the following url:

    https://192.168.1.43/XYZ-Doc/j_security_check

    with status code 200 and without location in response header.

    So seems that j_security_check doesn't do the redirect job.

    Please see the following screenshot for more details.

    Click image for larger version

Name:	Cattura1.JPG
Views:	197
Size:	163.0 KB
ID:	269655

    What it could be? A tomcat configuration? Any suggestion?

    May you please help please?

    Thanks.

    Regards.

    #2
    Hi Giacomo,

    Before we can help, we need some basics here:

    1. what product and what version are you using? Please include full version (including build date)

    2. what are you contacting at that URL? Our built-in servlet or something you wrote? It kind of looks like you're using our RESTHandler servlet, but as we explain in docs, you wouldn't have a reason to use that with a SmartGWT UI (you would just use the IDACall servlet instead)

    3. what authentication system are you using? You mentioned some details of Java cookies, etc, but is this Tomcat Realms, custom code or what?

    4. are you trying to implement Relogin? If you don't know what this is, please read about it in the QuickStart Guide.

    Comment


      #3
      Hi Admin, thanks for the support.

      Version is: SmartClient Version: v12.0p_2019-09-20/LGPL Development Only (built 2019-09-20)

      I've no idea about the other questions because I'm new with authentication mechanims. We've inerithed this product and, up to now, we have to support customer in the management.

      So please if you can, ask me more details and I will try to give you the answers. Of course I hope that this is a kind of support that you can do.

      Please notice that the environment duplicated on VM is a copy of the same tomcat instances that I have in test environment.

      Lot of thanks.

      Regards.
      Last edited by giacomo.squiccimarro; 21 Feb 2023, 04:09.

      Comment


        #4
        Hi Giacomo,

        We can definitely solve this problem for you, however, it looks like you are using the free / open source version of our product, which means both that the problem you're facing is related to a server system that wasn't built with our software, and beyond that, that you don't have support or even a paid license.

        If we're wrong about that, please let us know!

        Otherwise, please look over these offerings:

        https://smartclient.com/services/#support

        Again, we can 100% solve this problem for you, but we cannot offer free troubleshooting of server code that isn't based on our product. Thanks!

        Note that if you end up having to solve this problem on your own, we would again recommend that you take a look at the QuickStart Guide, specifically the sections of Authentication & Relogin.

        Comment


          #5
          Hi Admin,

          unfortunately I confirm that we're using the free/opensource version. This is what we've inerithed from the previous supplier and we've to work on this now.

          I will try to solve on my own and in the worst case we will activate you support as suggested by you.

          Thanks for you availability and suggestion.

          Regards.

          Comment


            #6
            We understand, of course.

            However, in terms of solving the problem quickly, it's likely to be the best case (not the worst case) to engage our team. We've very familiar with the authentication mechanisms involved here (even though it's not based on our framework) and, given appropriate diagnostic information, we can likely solve within hours what might otherwise take weeks.

            Any which way you choose to proceed, best of luck!

            Comment


              #7
              Hi Giacomo

              I have the same problem you reported.

              Have you found a solution?

              Thanks

              Comment

              Working...
              X