With the Acegi Security integration, we don't really need the login-redirect.jsp anymore. With CMA, you have to request a protected resource before you can authenticate - but not so with Acegi Security. In reality, we should never be linking directly to a "login" page because users should only be prompted to login when they try to access a protected resource. That begin said, if you hit login.jsp as your first page, and then login - Acegi will take you to the default page/url that you've specified.
Another thing we need to look at before we release 2.1 is that the Acegi filter is mapped to /*. While this seems to work well with my site - it might be a different story for JRoller and blogs.sun.com. Matt On 12/11/05, Anil Gangolli <[EMAIL PROTECTED]> wrote: > > OK. I resolved this. > > http://svn.apache.org/viewcvs?rev=355963&view=rev > > The login-redirect.jsp page does seem to be used as the locus of the > selection logic for the multi v. single weblog case, so I don't think it > should be cut out, and it is properly expecting to follow authentication. > > I have checked in the following fix. I added it to the scope of URI's > requiring authentication in the security.xml, which appeared to me to be > the correct thing (and which seems to work as expected). > > Matt should probably check this. > > I never saw any intermittentness in this bug. It happened every time > if you were not already logged in and didn't have a "remember me" cookie. > > --a. > > Allen Gilliland wrote: > > > I had just mentioned this one to Dave yesterday, but the strange thing > > is that it doesn't happen all of the time, only intermittently. > > > > I agree, we should be able to get rid of login-redirect.jsp now that > > we have Acegi. I say go for it. > > > > -- Allen > > > > > > Anil Gangolli wrote: > > > >> > >> login-redirect.jsp is calling > >> > >> UserData user = rollerSession.getAuthenticatedUser(); > >> > >> which is returning null and it's passing it along. It looks like > >> it's expecting authentication to have taken place at that point, but > >> it didn't. > >> > >> Should we be eliminating login-redirect.jsp here, and have the > >> explicit Login link directly to login.jsp? Is login-redirect > >> outmoded now with Acegi? > >> > >> Anil Gangolli wrote: > >> > >>> > >>> The latest trunk build is giving me a Null Pointer Exception when > >>> clicking the Login link (which leads to login-redirect.jsp). > >>> I'm starting to look at this, but if anyone knows what's going on > >>> already, let me know. > >>> --a > >>> > >>> > >>> java.lang.NullPointerException > >>> at > >>> org.roller.pojos.WebsiteData.hasUserPermissions(WebsiteData.java:1002) > >>> at > >>> org.apache.jsp.login_002dredirect_jsp._jspService( > org.apache.jsp.login_002dredirect_jsp:76) > >>> > >>> at > >>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99) > >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > >>> at > >>> org.apache.jasper.servlet.JspServletWrapper.service( > JspServletWrapper.java:325) > >>> > >>> at > >>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java > :295) > >>> > >>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java > :245) > >>> ... > >>> > >>> > >> > > > > > >