http://issues.apache.org/bugzilla/show_bug.cgi?id=28313

Invalid redirect after successful FORM-based authentication

           Summary: Invalid redirect after successful FORM-based authentication
           Product: Tomcat 4
           Version: 4.1.30
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Unknown
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

Description:
============
When my login-page JSP uses other resources from the protected area, e.g. .CSS or .JS files, then after successful authentication the client is always redirected to the last requested protected resource used by the login page.

This behaviour violates the Servlet 2.3 Spec, section SRV.12.5.3 Form Based Authentication. In accordance with the spec, after successful authentication the client should be redirected to the "URL path triggering the authentication and stored by the container".

Details:
========
1. Here are scraps of my web.xml:

    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
    [..skipped..]
    <security-constraint>
    [..skipped..]
        <url-pattern>/*</url-pattern>
    [..skipped..]

2. Here are scraps of my localhost_access_log.txt:

    127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/index.jsp HTTP/1.1" 302 -
    127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/login.jsp HTTP/1.1" 200 908
    127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/_.js HTTP/1.1" 302 -
    127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/login.jsp HTTP/1.1" 200 908
    127.0.0.1 - - [09/Apr/2004:17:18:20 +0200] "POST /tceinq/j_security_check HTTP/1.1" 302 -
    127.0.0.1 - tomcat [09/Apr/2004:17:18:20 +0200] "GET /tceinq/_.js HTTP/1.1" 200 197

So, as you can see, the container did a redundant redirect to login.jsp when _.js (a JavaScript file) was requested, and exactly this file was stored as the initiating URL, so after authentication I see the content of my _.js file instead of the content of the index.jsp file that I really requested initially.

Thanks in advance.
Do not hesitate to ask me about additional info about the issue.
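
A check for the symptom described in this report, run over the access-log lines it quotes. This is an added example, not part of the bug report or of Tomcat. The function name `find_hijacked_landings` is hypothetical. It assumes a client is identified by the host field and that a 302 answer to a GET outside the login page is the container's redirect to the login form.

```python
import re

# Constructed sample: the access-log lines quoted in the report above.
SAMPLE_LOG = """\
127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/index.jsp HTTP/1.1" 302 -
127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/login.jsp HTTP/1.1" 200 908
127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/_.js HTTP/1.1" 302 -
127.0.0.1 - - [09/Apr/2004:17:18:13 +0200] "GET /tceinq/login.jsp HTTP/1.1" 200 908
127.0.0.1 - - [09/Apr/2004:17:18:20 +0200] "POST /tceinq/j_security_check HTTP/1.1" 302 -
127.0.0.1 - tomcat [09/Apr/2004:17:18:20 +0200] "GET /tceinq/_.js HTTP/1.1" 200 197
"""

# Common log format as it appears in the report: host, ident, user, time, request, status, size.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def find_hijacked_landings(log_text, login_page="/login.jsp"):
    """Return (host, triggering_url, landing_url) for every login whose first
    request after j_security_check is not the URL that first triggered it."""
    state = {}      # host -> {"first": first redirected URL, "await": login just succeeded}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        host, method, path, status = m["host"], m["method"], m["path"], m["status"]
        s = state.setdefault(host, {"first": None, "await": False})
        if method == "POST" and path.endswith("/j_security_check"):
            # A 302 answer to the login POST is the redirect to the saved URL.
            s["await"] = status == "302" and s["first"] is not None
        elif method == "GET" and s["await"]:
            # First request after a successful login: where the client landed.
            if path != s["first"]:
                findings.append((host, s["first"], path))
            s["first"], s["await"] = None, False
        elif method == "GET" and status == "302" and not path.endswith(login_page):
            # Remember only the first URL that triggered authentication.
            if s["first"] is None:
                s["first"] = path
    return findings


if __name__ == "__main__":
    for host, wanted, landed in find_hijacked_landings(SAMPLE_LOG):
        print(f"{host}: requested {wanted} but landed on {landed} after login")
```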