There IS wackiness here... you are not the crazy one.  Different browsers 
behave differently.

For example, when you hit a protected resource, JBoss/Tomcat will throw up a 
login page (if you have it configured this way).  And submitting the login page 
to j_security_check is the correct thing to do, according to the spec.  And all 
the JAAS stuff will get kicked off and the user will be authenticated (or not). 
 And then you will be forwarded to the protected resource that you originally 
asked for.

HOWEVER, if you hit the back button you WILL get the login page again.  This is 
just how browsers work.  If at this point, you submit the login form you WILL 
get the 404 j_security_check not found message.

What you can do is define a custom 404 error page (see web.xml on how to do 
this) with the following contents...  This will catch the 404 and get the user 
back to the home page.

<%@ page language="java" %>
<%@ page isErrorPage="true" %>
<%@ page import="java.util.*" %>
<%
// this string is only available if the page is marked as an error page (above)
String request_uri =
    (String) request.getAttribute("javax.servlet.error.request_uri");

// handle j_security_checks by forwarding to the index page.
// people will still be confused because they might think they have logged in a
// second time.

// request_uri is null when this page is requested directly, so check it first
if ( request_uri != null && request_uri.indexOf("j_security_check") > 0 ){
  request.getRequestDispatcher("/").forward(request, response);
  return; // stop here so nothing is written after the forward
}

// keep the response short, so the browser can override it if it likes.
%>
404 - Page Not Found

---------
This said, the ideal case would be if the user never ever saw the login page 
unless they needed to be authenticated.  However, that's just not how browsers 
work.  The back button always takes you back.

We have also done lots of work in order to make the login.jsp not cached, so 
that if the user gets to the login page, it will at least refresh from the 
server, and maybe we can make an informed decision about how the user got 
there.  However, nothing we've tried works on all browsers... thus the 404 
j_security_check seems to be the best fix.

dt



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865892#3865892
