Then ln the welcome.jsp file in a protected area. Or in windows copy it.
Klaus
-----Opprinnelig melding-----
Fra: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
Sendt: 3. februar 2001 01:58
Til: Orion-Interest
Emne: RE: Form Login bouncing me to welcome page!
Well I don't want the welcome.jsp page to be secured; anyone should be able
to view that file. But if someone tries to hit Login.jsp, I want him to
have to log in before continuing.
Do I still need welcome.jsp to be in a security constraint?
At 08:30 AM 2/2/2001 -0500, you wrote:
>there should have been a entry for welcome.jsp under <security-contraints>
>for example:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Unnamed</web-resource-name>
> <url-pattern>/welcome.jsp</url-pattern>
>
> > -----Original Message-----
> > From: Gerald Gutierrez [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, February 01, 2001 4:34 PM
> > To: Orion-Interest
> > Subject: Re: Form Login bouncing me to welcome page!
> >
> > I agree that is the correct sequence, but that is not what I get. Assume
I
> >
> > have a welcome file defined called welcome.jsp.
> >
> > The sequence of events is:
> >
> > - User requests secured page /Login.jsp
> > - User is redirected to LoginForm.jsp
> > - User enters correct credentials
> > - User is logged in
> > - User is displayed the contents of welcome.jsp.
> >
> > OR:
> >
> > - User requests secured page /Login.jsp
> > - User is redirected to LoginForm.jsp
> > - User enters INCORRECT credentials
> > - User is NOT logged in
> > - User is STILL displayed the contents of welcome.jsp.
> >
> > I also had the case where I didn't have a welcome file defined, but had
> > directory browsing enabled, and I get the directory contents after doing
> > the above sequences. This doesn't seem right to me, but I can't figure
out
> >
> > what is wrong.
> >
> > What can cause this?
> >
> > Gerald.
> >
> >
> > At 09:30 AM 2/1/2001 -0700, you wrote:
> > >The sequence of events is:
> > > - The user requests a secured page (/Login.jsp, in your case).
> > > - The server intercepts the request and redirects to the form-based
> > > login page (LoginForm.jsp)
> > > - If the user logs in successfully, the server allows the original
> > > request to proceed (ie. Login.jsp is displayed).
> > >
> > >So if by "the welcome page" you mean the Login.jsp page, then that is
as
> > >expected. If you see something else, then this could possibly be the
> > >result of something you do on that page (such as redirection).
> > >
> > >Nick
> > >
> > >At 10:19 PM 1/31/01 -0800, you wrote:
> > >
> > >>I've searched the mailing list, but there doesn't seem to be
information
> >
> > >>on this. I'm a little desparate now.
> > >>
> > >>I'm using a form-based login for my web application. When a user hits
> > >>Login.jsp, s/he must log in. I have the LoginForm.jsp and
LoginError.jsp
> >
> > >>files in / of my context root. This redirection to the LoginForm.jsp
> > does
> > >>occur, but regardless of whether the user logged in successfully or
not,
> >
> > >>he is dumped back to the welcome page. The actual logging in is
> > >>successful, i.e. if he provided the correct credentials, he's logged
in,
> >
> > >>but still dumped back to the welcome page.
> > >>
> > >>Here is the relevant portion of my web.xml:
> > >>
> > >> <security-constraint>
> > >> <web-resource-collection>
> > >> <web-resource-name>LoginTrigger</web-resource-name>
> > >> <description>LoginTrigger</description>
> > >> <url-pattern>/Login.jsp</url-pattern>
> > >> <http-method>GET</http-method>
> > >> <http-method>POST</http-method>
> > >> </web-resource-collection>
> > >> <auth-constraint>
> > >> <role-name>portal_gamer</role-name>
> > >> </auth-constraint>
> > >> </security-constraint>
> > >>
> > >> <login-config>
> > >> <auth-method>FORM</auth-method>
> > >> <realm-name>default</realm-name>
> > >> <form-login-config>
> > >> <form-login-page>LoginForm.jsp</form-login-page>
> > >> <form-error-page>LoginError.jsp</form-error-page>
> > >> </form-login-config>
> > >> </login-config>
> > >>
> > >> <security-role>
> > >> <role-name>portal_gamer</role-name>
> > >> </security-role>
> > >>
> > >>Which part of the magic am I missing?
> > >
> >
> >
> >
>
>---------------------------------------------------------------------------
---
>CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please
>immediately notify the sender by e-mail at the address shown. This e-mail
>transmission may contain confidential information. This information is
>intended only for the use of the individual(s) or entity to whom it is
>intended even if addressed incorrectly. Please delete it from your files
>if you are not the intended recipient. Thank you for your compliance.
>
>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
