0006219: 500 with j_security_check and but no auth configuration

Mantis - Resin
Viewing Issue Advanced Details

ID:	Category:	Severity:	Reproducibility:	Date Submitted:	Last Update:
6219		minor	always	03-12-19 12:02	03-19-19 14:53

Reporter:	ferg	Platform:
Assigned To:	ferg	OS:
Priority:	normal	OS Version:
Status:	closed	Product Version:	4.0.62
Product Build:		Resolution:	fixed
Projection:	none
ETA:	none	Fixed in Version:

Summary:	0006219: 500 with j_security_check and but no auth configuration
Description:	(rep by Steffan Busch) Although we don't have any auth-type configuration in our web-app / website, there will be a 500 Servlet Exception with the below Stack Trace whenever someone submits a /j_security_check request to our Resin-Pro 4.0.61 instance. For example this request: https://caucho.com/j_security_check [^] or https://caucho.com/non-existent-path/random/j_security_check [^] javax.servlet.ServletException: FormLoginServlet requires a form login auth-type configuration at 'Basic' in 'WebApp[production/webapp/www.caucho.com/ROOT]' at com.caucho.server.security.FormLoginServlet.getFormLogin(FormLoginServlet.java:195) at com.caucho.server.security.FormLoginServlet.service(FormLoginServlet.java:65) at com.caucho.server.dispatch.ServletFilterChain.doFilter(ServletFilterChain.java:109) at com.caucho.server.webapp.DispatchFilterChain.doFilter(DispatchFilterChain.java:131) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:304) at com.caucho.server.webapp.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:298) at com.caucho.server.webapp.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:116) at com.caucho.server.dispatch.ForwardFilterChain.doFilter(ForwardFilterChain.java:120) at com.caucho.server.rewrite.MatchFilterChain.doFilter(MatchFilterChain.java:98) at com.caucho.server.rewrite.MatchFilterChain.doFilter(MatchFilterChain.java:98) at com.caucho.server.httpcache.ProxyCacheFilterChain.doRequestCacheable(ProxyCacheFilterChain.java:252) at com.caucho.server.httpcache.ProxyCacheFilterChain.doFilter(ProxyCacheFilterChain.java:193) at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156) at com.caucho.server.httpcache.ProxyCacheFilterChain.doRequestCacheable(ProxyCacheFilterChain.java:252) at com.caucho.server.httpcache.ProxyCacheFilterChain.doFilter(ProxyCacheFilterChain.java:193) at com.caucho.server.webapp.WebAppFilterChain.doFilter(WebAppFilterChain.java:156) at com.caucho.server.webapp.AccessLogFilterChain.doFilter(AccessLogFilterChain.java:95) at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:304) at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:843) at com.caucho.network.listen.TcpSocketLink.dispatchRequest(TcpSocketLink.java:1393) at com.caucho.network.listen.TcpSocketLink.handleRequest(TcpSocketLink.java:1349) at com.caucho.network.listen.TcpSocketLink.handleRequestsImpl(TcpSocketLink.java:1333) at com.caucho.network.listen.TcpSocketLink.handleRequests(TcpSocketLink.java:1241) at com.caucho.network.listen.TcpSocketLink.handleAcceptTaskImpl(TcpSocketLink.java:1037) at com.caucho.network.listen.ConnectionTask.runThread(ConnectionTask.java:117) at com.caucho.network.listen.ConnectionTask.run(ConnectionTask.java:93) at com.caucho.network.listen.SocketLinkThreadLauncher.handleTasks(SocketLinkThreadLauncher.java:175) at com.caucho.network.listen.TcpSocketAcceptThread.run(TcpSocketAcceptThread.java:61) at com.caucho.env.thread2.ResinThread2.runTasks(ResinThread2.java:173) at com.caucho.env.thread2.ResinThread2.run(ResinThread2.java:118) These kind of /j_security_check requests are increasing the 500 count in Resin Admin's meters and it is also triggering the AnomalyAnalyzer for "Resin\|Http\|5xx WARNING". Is there any configuration tweak that can be performed to not have a 500 Servlet Exception?
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:

Notes