DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=8976>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=8976 ------- Additional Comments From [EMAIL PROTECTED] 2005-09-24 12:49 ------- I tried your solution in tomcat 4.1.31 and seemed to me not working because the redirect url (j_redirect_url) should be one of securiry protected resources. In my case I have login form in any page of my site so user can login from any page and return to that page. To solve this problem I had to change FormAuthenticator.java and AuthenticatorBase.java using your trick. When saved request is not found after j_security_login i save a request using j_redirect_url and put a flag in a session note to indicate I'm redirecting from login. Now, when AuthenticatorBase.invoke is called again it checks to see if the page is in security constraints or redirect from login exists and call authenticate again to restore saved url. I will attach my solution because I believe a lot of developers wish that feature, even if it is not compliant with servlet specs. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
