Re: post data through form based authentication example?
Hmm. You're right. I just tested it on my JBoss (running 3.2.4RC1 with tomcat 5.0.19) and I got the same effect. Rats! This is not good. Trying to get info out of JBoss is like trying to get blood out of a stones. I assume there's a bug report? I haven't looked at JBoss's bugzilla yet. On 03/29/2004 01:10 AM Martin Alley wrote: After further testing, I believe this is a bug specific to the JBoss environment (both 3.2.3 and 3.2.4RC1) Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 28 March 2004 15:24 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport
RE: post data through form based authentication example?
No formal bug report yet. The current state of play is at http://www.jboss.org/index.html?module=bbop=viewtopict=47595 If you would like to add your weight to this observation... Thanks Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 29 March 2004 09:17 To: Tomcat Users List Subject: Re: post data through form based authentication example? Hmm. You're right. I just tested it on my JBoss (running 3.2.4RC1 with tomcat 5.0.19) and I got the same effect. Rats! This is not good. Trying to get info out of JBoss is like trying to get blood out of a stones. I assume there's a bug report? I haven't looked at JBoss's bugzilla yet. On 03/29/2004 01:10 AM Martin Alley wrote: After further testing, I believe this is a bug specific to the JBoss environment (both 3.2.3 and 3.2.4RC1) Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 28 March 2004 15:24 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern
Re: post data through form based authentication example?
Right I see. I shall ponder what jumping in at some point as well if you get no replies, but the replies from the JBoss people tend to be sporadic and I suffer all sorts of superstitious doubts about how best to elicit an answer from them. By the way, you can post HTML code there, you have to put it in [CODE] blocks, rather than [QUOTE] blocks which you tried. Adam On 03/29/2004 12:30 PM Martin Alley wrote: No formal bug report yet. The current state of play is at http://www.jboss.org/index.html?module=bbop=viewtopict=47595 If you would like to add your weight to this observation... Thanks Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 29 March 2004 09:17 To: Tomcat Users List Subject: Re: post data through form based authentication example? Hmm. You're right. I just tested it on my JBoss (running 3.2.4RC1 with tomcat 5.0.19) and I got the same effect. Rats! This is not good. Trying to get info out of JBoss is like trying to get blood out of a stones. I assume there's a bug report? I haven't looked at JBoss's bugzilla yet. On 03/29/2004 01:10 AM Martin Alley wrote: After further testing, I believe this is a bug specific to the JBoss environment (both 3.2.3 and 3.2.4RC1) Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 28 March 2004 15:24 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web
RE: post data through form based authentication example?
The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config /web-app WEB-INF\jboss-web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE jboss-web PUBLIC -//JBoss//DTD Web Application 2.3//EN http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd; jboss-web security-domainjava:/jaas/authtest/security-domain !-- Resource Environment References -- !-- Resource references
RE: post data through form based authentication example?
After further testing, I believe this is a bug specific to the JBoss environment (both 3.2.3 and 3.2.4RC1) Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 28 March 2004 15:24 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config /web-app WEB
RE: post data through form based authentication example?
Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config /web-app WEB-INF\jboss-web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE jboss-web PUBLIC -//JBoss//DTD Web Application 2.3//EN http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd; jboss-web security-domainjava:/jaas/authtest/security-domain !-- Resource Environment References -- !-- Resource references -- !-- EJB References -- /jboss-web -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 15:10 To: Tomcat Users List Subject: Re: post data through form based authentication example? Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: post data through form based authentication example?
I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description url-pattern/form.html/url-pattern url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config /web-app WEB-INF\jboss-web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE jboss-web PUBLIC -//JBoss//DTD Web Application 2.3//EN http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd; jboss-web security-domainjava:/jaas/authtest/security-domain !-- Resource Environment References -- !-- Resource references -- !-- EJB References -- /jboss-web -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 15:10 To: Tomcat Users List Subject: Re: post data through form based authentication example? Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: post data through form based authentication example?
Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: post data through form based authentication example?
Hi Adam, That's encouraging. I'm actually using struts in this app too. I'll do some debugging and see where I get. Thanks for now Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 15:10 To: Tomcat Users List Subject: Re: post data through form based authentication example? Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]