j_security_check on Tomcat

tomcat authentication types
tomcat user principal
tomcat login page
tomcat ldap authentication
tomcat disable lockoutrealm
tomcat basic and form authentication
tomcat digest sh
tomcat 9 digest password

Do I have to do anything to activate Tomcat handling the call to j_security_check? The config & HTML code is below. I am getting this error:

Error Message

type Status report

message /(context path)/ProviderManager/j_security_check

description The requested resource (/(context path)/ProviderManager/j_security_check) is not available.


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">




  <role rolename="tomcat"/>
  <role rolename="role1"/>

  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

  <user username="ide" password="mgPNx5x5" roles="manager-script,admin"/>


<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
        <form action="j_security_check" method="POST">
           Username:<input type="text" name="j_username"><br>
           Password:<input type="password" name="j_password">
           <input type="submit" value="Login">



The action parameter in the login form page is interpreted as a URL relative to the URL of the login page, so when you submit the form the browser sends a POST request to the server with the URL /[context-path]/ProviderManager/j_security_check. The servlet container uses /[context-path]/j_security_check as the path for authentication requests to your webapp.

Any one of the following should fix this:

  1. Change the action parameter in the login page to ../j_security_check.
  2. Change the action parameter in the login page to /[context-root]/j_security_check
  3. Move the login page to the application context root directory.

j_security_check on Tomcat, To create login form we must use j_security_check action in the form tag. Username and password must be named as j_username and  I use j_security_check as part of JAAS mechanism on a tomcat/tomEE server.. I currently have a context called "admin", that has the login process as a separate page (login.html), and that login page has a form similar to this: <form action="j_security_check" method="post"> with the proper inputs sending j_username & j_password properties.

Your tomcat-users.xml is invalid.

  <role rolename="manager-script"/>
  <role rolename="manager-gui"/>
  <role rolename="admin"/>
  <user username="ide" password="whatever" roles="manager-script,admin"/>

You should remove the empty description tag: <description/>

Form Based Authentication in JSP using Tomcat, Hi everybody, I am chaitanya, I want to implement j_security_check in my web application. Previously I used sessions to provide security for my  UTF-8 encoded j_security_check username incorrectly decoded as Latin-1 in Tomcat realm I'm investigating an issue where a username with Latin-1 character is introduced in a login form. The username contains character á.

You don't need to configure anything.

What is the directory structure of your project? The problem is a path.

Put login.jsp and error.jsp in WebContent/pages and try :


How to implement j_security_check in tomcat 6.0 - Get Started, is part of all standard JSP/servlet/J2EE container-based form authentication. For Assure, the default URL for the web app is index. jsp which redirects to "authorize. sp" (or . The security is based on role. We can define role and use credentials in tomcat-users.xml. web.xml configures <security-constraint>, <login-config> and <security-role>. To create login form we must use j_security_check action in the form tag. Username and password must be named as j_username and j_password.

Realm Configuration How-To, is the action that applications using form based login have to specify for the login form. In the same form, you should also have a text input control called j_username and a password input control called j_password. How to trigger re-login with HTTP POST request to j_security_check in Tomcat FORM based authentication 1 (xml) cvc-complex-type.2.4.a: Invalid content was found starting with element 'init-param'

What is j_security_check when you login to Assure? – Infogix, You can define different roles in file tomcat-users.xml, which is located off Tomcat's home directory in The action in the <form> tag must be j_security_check. I am facing an issue in tomcat authentication by j_security_check for form based method. Even after my user and pass is correct.then also i am redirected to error page.

JSP - Security, Hi I have just been trying s little play around with Tomcat 7 and using the j_security_check security contraints with MySQL (see this tutorial:  How does j_security_check know where to redirect users to after they have logged in? I have searched for any documentation related to how j_security_check works but to no avail nor am I able to find out where in the Tomcat source code j_security_check is declared or invoked.