Re: Authentication problem...redirected to /null

2001-12-06 Thread Jeff Kilbride 

You're not supposed to be able to reach the login page, except by accessing
a secure page. The container is then responsible for displaying the login
page and sending the user to the correct secure page, once they have been
authenticated. So, rather than having a link to your login page from your
home page, you should have a link to your main welcome page inside your
secure area. Tomcat will then send the user to the login page automatically,
if they haven't been authenticated.

What version of Tomcat are you using? Unfortunately, in TC 3.2.x (possibly
others, but I'm not sure) the container *redirects* the user to the login
page which makes it possible for the user to then bookmark that page -- thus
defeating the idea that they have to access a secure page first. The only
way I found to get around this was to put my login page in a separate
/login directory and then put an index.jsp file in that directory that
redirects to my secure area. That way, anyone who bookmarked the login page
was handled correctly. I'm not sure if this will work in other versions of
Tomcat, though.

Hope this helps!

--jeff

- Original Message -
From: John Mikhail [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 05, 2001 5:36 PM
Subject: Authentication problem...redirected to /null


 Hello,

 I'm wondering if anyone can help me with an issue I'm having with my web
 app.  I have a web application that uses the JDBCRealm and I've defined
 all the roles and what not.  Here's the scenario...

 If I try to access a secure page, it will take me to the login page.  I
 login with a valid user and then get redirected back to the secure page
 with no problems now that I'm authenticated.  That's not the problem.
 The problem is I can also login from the home page.  If I log in from
 the home page with the same authenticated user, it tomcat is trying to
 redirect me to context/null.  Why is that?  I have a welcome file list
 defined in my web.xml.  If anyone can help, it would be greatly
 appreciated..


 --
 John Mikhail
 Codito, Ergo Sum


 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]



--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Authentication problem...redirected to /null

2001-12-05 Thread John Mikhail 

Hello,

I'm wondering if anyone can help me with an issue I'm having with my web
app.  I have a web application that uses the JDBCRealm and I've defined
all the roles and what not.  Here's the scenario...

If I try to access a secure page, it will take me to the login page.  I
login with a valid user and then get redirected back to the secure page
with no problems now that I'm authenticated.  That's not the problem.
The problem is I can also login from the home page.  If I log in from
the home page with the same authenticated user, it tomcat is trying to
redirect me to context/null.  Why is that?  I have a welcome file list
defined in my web.xml.  If anyone can help, it would be greatly
appreciated..


--
John Mikhail
Codito, Ergo Sum  


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]