"kathy90031" wrote : Yes, our URL pattern is the same, but I'm not sure you were understanding me correctly. Our pages ARE secure. | | If someone bookmarks http://localhost/WebApp/index.jsp | | then they are directed to the login page, after they login in (and are authenticated, they are directed to the home page. | | If some booksmarks http://localhost/WebApp/login.jsp | | they login in and recieve a BAD REQUEST error EVEN THOUGH they are authenticated. In fact, if they try to go to index.jsp DIRECTLY from the bad request page; they get in. | | I looked at the jboss source code and saw what was happening. Jboss looks up the request to forward to. Since the users are coming from login.jsp; this variable returns NULL. Therefore, Jboss throws the bad request error. | | Is there a workaround I can configure instead of code?
You could try creating a valve to check if the user browses directly to the login page or if he uses the normal navigation. If he does, redirect him to a secure page. The j_security_check wil trigger and redirect the user to the login page. A valve can be compared with a Servlet filter, but it runs outside the application and has access to otherwise forbidden resources, like Tomcat classes. More here: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169725#4169725 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169725 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
