I agree that is the correct sequence, but that is not what I get. Assume I 
have a welcome file defined called welcome.jsp.

The sequence of events is:

- User requests secured page /Login.jsp
- User is redirected to LoginForm.jsp
- User enters correct credentials
- User is logged in
- User is displayed the contents of welcome.jsp.

OR:

- User requests secured page /Login.jsp
- User is redirected to LoginForm.jsp
- User enters INCORRECT credentials
- User is NOT logged in
- User is STILL displayed the contents of welcome.jsp.

I also had the case where I didn't have a welcome file defined, but had 
directory browsing enabled, and I get the directory contents after doing 
the above sequences. This doesn't seem right to me, but I can't figure out 
what is wrong.

What can cause this?

Gerald.


At 09:30 AM 2/1/2001 -0700, you wrote:
>The sequence of events is:
>  - The user requests a secured page (/Login.jsp, in your case).
>  - The server intercepts the request and redirects to the form-based 
> login page (LoginForm.jsp)
>  - If the user logs in successfully, the server allows the original 
> request to proceed (i.e. Login.jsp is displayed).
>
>So if by "the welcome page" you mean the Login.jsp page, then that is as 
>expected.  If you see something else, then this could possibly be the 
>result of something you do on that page (such as redirection).
>
>Nick
>
>At 10:19 PM 1/31/01 -0800, you wrote:
>
>>I've searched the mailing list, but there doesn't seem to be information 
>>on this. I'm a little desperate now.
>>
>>I'm using a form-based login for my web application. When a user hits 
>>Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp 
>>files in / of my context root. This redirection to the LoginForm.jsp does 
>>occur, but regardless of whether the user logged in successfully or not, 
>>he is dumped back to the welcome page. The actual logging in is 
>>successful, i.e. if he provided the correct credentials, he's logged in, 
>>but still dumped back to the welcome page.
>>
>>Here is the relevant portion of my web.xml:
>>
>>     <security-constraint>
>>         <web-resource-collection>
>>             <web-resource-name>LoginTrigger</web-resource-name>
>>             <description>LoginTrigger</description>
>>             <url-pattern>/Login.jsp</url-pattern>
>>             <http-method>GET</http-method>
>>             <http-method>POST</http-method>
>>         </web-resource-collection>
>>         <auth-constraint>
>>             <role-name>portal_gamer</role-name>
>>         </auth-constraint>
>>     </security-constraint>
>>
>>     <login-config>
>>         <auth-method>FORM</auth-method>
>>         <realm-name>default</realm-name>
>>         <form-login-config>
>>             <form-login-page>LoginForm.jsp</form-login-page>
>>             <form-error-page>LoginError.jsp</form-error-page>
>>         </form-login-config>
>>     </login-config>
>>
>>     <security-role>
>>             <role-name>portal_gamer</role-name>
>>     </security-role>
>>
>>Which part of the magic am I missing?
>
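
An added example, not part of the thread or of any poster's code: a small Python check over the web.xml fragment quoted above. It flags two points the Servlet deployment descriptor defines: the form login and error page paths are written with a leading `/`, and a `<web-resource-collection>` that lists `<http-method>` elements constrains only those methods. The function name `lint_web_xml` and the `<web-app>` wrapper around the fragment are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the descriptor fragment quoted in the thread, wrapped in
# a <web-app> root (an assumption) so that it parses on its own.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>LoginTrigger</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>portal_gamer</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>LoginForm.jsp</form-login-page>
      <form-error-page>LoginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""


def lint_web_xml(xml_text):
    """Return a list of (element, value, finding) tuples for a web.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    # The descriptor DTD says both FORM pages begin with a leading "/" and are
    # resolved relative to the root of the web application.
    for tag in ("form-login-page", "form-error-page"):
        for el in root.iter(tag):
            path = (el.text or "").strip()
            if not path.startswith("/"):
                findings.append((tag, path, "path must start with '/'"))
    # A collection that lists <http-method> elements constrains only those
    # methods; requests using any other method are not covered by it.
    for coll in root.iter("web-resource-collection"):
        methods = sorted((m.text or "").strip() for m in coll.findall("http-method"))
        if methods:
            name = coll.findtext("web-resource-name", default="?")
            findings.append(("http-method", ",".join(methods),
                             "only listed methods are constrained in " + name))
    return findings


if __name__ == "__main__":
    for finding in lint_web_xml(SAMPLE_WEB_XML):
        print(finding)
```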


