7 Replies Latest reply on Jan 23, 2009 1:28 PM by Ansury


    G009 Level 1
      Hello gus

      I am trying to use j-security_check. After i put usernam and password i'm getting following error
      HTTP Status 400 - Invalid direct reference to form login page
      Following is my flex code....

      <?xml version="1.0" encoding="utf-8"?>
      <mx:Application xmlns:mx=" http://www.adobe.com/2006/mxml" height="700" color="#FFFFFF" themeColor="#EDF1F4" backgroundGradientAlphas="[1.0, 1.0]" backgroundGradientColors="[#FBF9F9, #030000]">

      <mx:StringValidator id="j_usernameValidator" source="{j_username}" property="text" triggerEvent=""/>
      <mx:StringValidator id="j_passwordValidator" source="{j_password}" property="text" triggerEvent=""/>

      <mx:Canvas width="698" height="663" color="#FDFDFD" backgroundColor="#020000" borderColor="#FB6705" cornerRadius="19" id="myCanvas2">
      <mx:Form id="form1" x="193" y="286">
      <mx:FormItem label="User Name" required="true" fontWeight="bold">
      <mx:TextInput id="j_username" width="200" enabled="true" color="#000000" editable="true" backgroundAlpha="1.0" fontFamily="Georgia"/>
      <mx:FormItem label="Password" required="true" fontWeight="bold">
      <mx:TextInput id="j_password" width="200" displayAsPassword="true" enabled="true" color="#000000" editable="true"/>
      <mx:Button label="Log In" click="validateForm()" cornerRadius="20" borderColor="#959696" themeColor="#FAFCFD" fillAlphas="[1.0, 1.0]" fillColors="[#C4C16D, #D3C631, #77ADAA, #12D3C8]" id="logmein"/>

      <mx:Label x="107.5" y="83" text="Welcome" width="483" height="55" textAlign="center" fontWeight="bold" fontStyle="italic" fontSize="26" fontFamily="Georgia" color="#B5BCF1" id="welcome" enabled="true"/>
      <mx:Label x="107.5" y="123" text="To" width="483" height="55" textAlign="center" fontWeight="bold" fontStyle="italic" fontSize="26" fontFamily="Georgia" color="#B5BCF1" id="ess" enabled="true"/>
      <mx:Label x="107.5" y="164" text="Employee Self Service Portal" width="483" height="41" textAlign="center" fontWeight="bold" fontStyle="italic" fontSize="26" fontFamily="Georgia" color="#B5BCF1" id="esslbl" enabled="true"/>

      import mx.events.ValidationResultEvent;
      import mx.controls.Alert;
      import flash.net.navigateToURL;
      import flash.net.URLRequest;
      import flash.net.URLVariables;
      import flash.display.Sprite;

      private function validateForm():void{
      if (j_usernameValidator.validate().type == ValidationResultEvent.VALID && j_passwordValidator.validate().type == ValidationResultEvent.VALID){
      } else{
      Alert.show("Either of the User name or password can not be blank");

      private function submitForm():void{

      var str:String="j_security_check";
      var link:URLRequest=new URLRequest(str);
      var variables:URLVariables = new URLVariables();
      variables.j_username = j_username.text;
      variables.j_password = j_password.text;
      link.data = variables;
      link.method = URLRequestMethod.POST;



      Please tell me why m i getting this error. Also if u want i'll put my xml files here. Thanks in advance.
        • 1. Re: j_security_check
          ntsiii Level 3
          What are you attempting to do?
          • 2. Re: j_security_check
            Richard_Abbott Level 3
            Tracy, j_security_check is a standard J2EE security mechanism to authenticate a user against LDAP, DB table etc.
            G009, I have found that different J2EE servers do not all implement j_security_check in the same way (eg WebLogic allows you to call it almost as if it were a function, whereas Tomcat is much more strict). Maybe the J2EE container simply does not let you call it in this way, as though it was just another JSP page?
            • 3. Re: j_security_check
              G009 Level 1
              Well what i am trying to do is, i'm trying to provide access control using statndard username and password in Flex. For that i'm using j_security_check. Now if any1 know how to do that please let me know. Cause what ever i did i mentioned above. I need to do this. Please guys help me with this.
              Thanks in advance.
              • 4. Re: j_security_check
                Richard_Abbott Level 3
                seems to me that J2EE may not allow you to do
                new URLRequest("j_security_check");
                even though it is a valid Flex construction.
                Have you tried passing the username/password pair up to a JSP page and calling j_security_check from there, so you would do something like
                new URLRequest("logon.jsp?un=user&pw=pass");
                and let logon.jsp do the authentication.
                Of course in a real system you'd then want to encrypt the login details somehow, but this should let you see if the method works in principle.
                • 5. Re: j_security_check
                  G009 Level 1
                  Ok thanks Richard,
                  I will try to do that if it works, i'll notify over here. But ya it wouldn't be exact access control system which i want. Still its worth trying.
                  • 6. Re: j_security_check
                    Shirker1 Level 1
                    Hello G009
                    I am trying to do the same thing.
                    According to page 43 in the Flex Deployment Manual this is possible with a Flex developed form according to your example.
                    Can I see your web.xml file? What did you put in for
                    <form-login-page ?????? I tried with the .swf file in there but it is not right. I wonder who could help with this. Someone from Adobe should.
                    • 7. Re: j_security_check
                      Ansury Level 3
                      The answer is... don't use that crap. (j_security_check blows) Even if only for the reason that all the (few) references rely on forms...

                      Find another (any other) solution for authentication if you want to keep your sanity. Also, Flex experts at Adobe probably aren't gonna be able to help much unless they have this specific Java knowledge too, which is not always the case. You might get lucky but don't kill yourself trying to get junk_security_check working, toss it and move on if it's a nightmare.