Re: Request not forwarded to login page with security-constraint after session time-out

2009-03-02 Thread Christopher Schultz
Marcel, On 2/27/2009 5:17 PM, Marcel Stör wrote: On 27.02.2009, at 17:38, Christopher Schultz wrote: Chuck, On 2/26/2009 5:39 PM, Caldarale, Charles R wrote: From: Mark Thomas

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-27 Thread Christopher Schultz
Chuck, On 2/26/2009 5:39 PM, Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out The spec is clearer than that. The * role ==

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-27 Thread Christopher Schultz
Chuck, On 2/26/2009 7:22 PM, Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out What the spec is not explicit about is the

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-27 Thread Marcel Stör
On 27.02.2009, at 17:38, Christopher Schultz wrote: Chuck, On 2/26/2009 5:39 PM, Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Gregor Schneider
Marcel, On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör mar...@frightanic.com wrote: [Problem] Upon session time-out the request is not forwarded to the login page (form based auth). Nothing happens on the UI. However, forwarding to the login page does work during the initial login into the

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Marcel Stör
Gregor Schneider wrote: Marcel, On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör mar...@frightanic.com wrote: [Problem] Upon session time-out the request is not forwarded to the login page (form based auth). Nothing happens on the UI. However, forwarding to the login page does work during the

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Christopher Schultz
Gregor, On 2/26/2009 9:59 AM, Gregor Schneider wrote: This looks a bit awkward to me (didn't know that this is possible), but I guess that's not the reason for your problem: <role-name>*</role-name> This is fine. From the servlet spec SRV.13.3:

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Christopher Schultz
Marcel, On 2/26/2009 10:21 AM, Marcel Stör wrote: If I request a protected URL (manually clicking link, AJAX request, etc.) *after* the session has timed out I expect an automatic forwarding to the login page. As I could see while debugging, the

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Marcel Stör
On 26.02.2009, at 20:13, Christopher Schultz wrote: Marcel, On 2/26/2009 10:21 AM, Marcel Stör wrote: If I request a protected URL (manually clicking link, AJAX request, etc.) *after* the session has timed out I expect an automatic forwarding

RE: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Caldarale, Charles R
From: Marcel Stör [mailto:mar...@frightanic.com] Subject: Re: Request not forwarded to login page with security-constraint after session time-out No, I only mentioned this because Tomcat throws an SQL exception because it tries to query a table called if I don't specify a role table in the

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Mark Thomas
Caldarale, Charles R wrote: From: Marcel Stör [mailto:mar...@frightanic.com] Subject: Re: Request not forwarded to login page with security-constraint after session time-out No, I only mentioned this because Tomcat throws an SQL exception because it tries to query a table called if I don't

RE: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Caldarale, Charles R
From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out The spec is clearer than that. The * role == all roles defined in web.xml. Yes, but what it's not clear about is what happens when there are *no*

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Mark Thomas
Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out The spec is clearer than that. The * role == all roles defined in web.xml. Yes, but what it's not clear about is what

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Marcel Stör
On 26.02.2009, at 23:44, Mark Thomas wrote: Caldarale, Charles R wrote: From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out The spec is clearer than that. The * role == all roles defined in web.xml.

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Mark Thomas
Marcel Stör wrote: Not sure I can follow you guys on this... A few questions, my assumption is that the role-issue has nothing to do with the real problem: Correct. Chuck and I are off on our own little tangent. 1. Is the *-role issue even relevant in my context? After all, the security

RE: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Caldarale, Charles R
From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request not forwarded to login page with security-constraint after session time-out What the spec is not explicit about is the combination of * with an empty or non-existent security-role list. I think it is quite clear. It means

Re: Request not forwarded to login page with security-constraint after session time-out

2009-02-26 Thread Marcel Stör
Marcel Stör wrote: [...] 3. Why does it seem to be relevant that the request where auto-forwarding-to-login-after-session-timeout fails is an AJAX request? That was my last thought last night before I fell asleep...and my first this morning when I woke up. And then the scales fell from my

Request not forwarded to login page with security-constraint after session time-out

2009-02-25 Thread Marcel Stör
Up to now I had always thought I understood the security aspects of the Servlet spec quite well. Looks like I was wrong... [Problem] Upon session time-out the request is not forwarded to the login page (form based auth). Nothing happens on the UI. However, forwarding to the login page does