https://issues.apache.org/bugzilla/show_bug.cgi?id=46509
Summary: Tomcat 5.5 security example gives j_security_check not
available
Product: Tomcat 5
Version: 5.5.26
Platform: PC
OS/Version: All
Status: NEW
Severity: trivial
Priority: P5
Component: Webapps:Examples
AssignedTo: [email protected]
ReportedBy: [email protected]
The problem happens when using the security example (jsp-examples/security/) in
tomcat 5.5.
If the user enters their password incorrectly they are redirected to error.jsp
which has a link back to login.jsp. If you use this link and login with the
correct credentials login.jsp is reloaded. If you try to login a 2nd time with
the correct credentials you receive an error "The requested resource
(/jsp-examples/security/protected/j_security_check) is not available."
The problem is pretty simple. Since login.jsp, index.jsp and error.jsp are all
in a secure realm using the link in error.jsp to reach login.jsp triggers
authentication which brings up login.jsp as this is specified as
<form-login-page> in web.xml.
When the user is authenticated they are taken to the page in the realm they
requested, which in this case is login.jsp. When they try to login for the 2nd
time they get the error because they have already been authenticated and they
are trying to load j_security_check (loading index.jsp proves they are logged
in).
This fixes it:
In /jsp-examples/security/protected/error.jsp
Change:
<a href='<%= response.encodeURL("login.jsp") %>'>again</a>.
To:
<a href='<%= response.encodeURL("/") %>'>again</a>.
Only checked on Windows and Linux, but since Tomcat is doing what it's supposed
to do I imagine the example exhibits this behaviour on all platforms.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
