You've probably got it fixed by now but...
I think all you need to do is add this before executing the post:
authPost.setFollowRedirects(true);
As memory serves, I think it only follows up to a set maximum number of
redirects (in an attempt to prevent infinite loops). It's been a while
since I
Tomcat-Users
(Cc:Matt/Adam),
I've just tried doing a redirect to j_security_check using the
commons package org.apache.commons.httpclient.
The error I get from the code is
[INFO] HttpMethodBase - -Redirect requested but followRedirects is
disabled
statusCode : 302
Any clues given my code
Sounds like a server configuration problem. I don't know where
followRedirects is disabled, but it looks like it is somewhere.
Matt
On Dec 5, 2003, at 8:46 AM, Chris Ward wrote:
Tomcat-Users
(Cc:Matt/Adam),
I've just tried doing a redirect to j_security_check using the
commons package
That's a fairly circuitous route for a login. I guess you do what you
have to do though.
I was wondering whether I could adapt it to allow an SSL login form to
be used to login to non-SSL pages, but I think the httpClient would
leave the j_security_check post in plain text on the net - unless
for all the good advice guys - I'll probably be in
touch next week.
Best regards,
Chris
-Original Message-
From: Adam Hardy [mailto:[EMAIL PROTECTED]
Sent: Thursday, 4 December 2003 13:02
To: Tomcat Users List; Matt Raible
Subject: Re: servlet sendRedirect() to j_security_check problem
Chris,
I found your post at
http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/
msg111700.html and I'm cc'ing the list in case anyone else is
interested in this info (I'm not subscribed).
I've actually improved the Remember Me feature a fair amount since I
posted to the Tomcat
Matt,
are you really managing to post a form to j_security_check without
invoking it first, or is that some sort of black magic you've cooked up?
Or have I just misunderstood what Chris said?
Adam
On 12/03/2003 09:24 PM Matt Raible wrote:
Chris,
I found your post at
It's standard container managed security stuff - I first invoke a
protected URL - in index.jsp - I redirect to mainMenu.do - and *.do is
protected. Based on security constraints in web.xml, I'm presented
with a form-login-page login.jsp - rather than having
action=j_security_check in this