I think there is another option that noone has mentioned yet :-P
When the login.jsp page is presented as part of the login process, there
will be some standard request attributes containing the original
requested page (I don't remember the names now, but you can find them in
the servlet spec).
09, 2003 5:10 AM
To: Tomcat Users List
Subject: Re: How to prevent direct access to login.jsp
On 12/08/2003 11:59 PM Chaikin, Yaakov Y (US SSA) wrote:
I realized that my user can mess himself by bookmarking the login
page
he is asked to log in. The login.jsp appears in the URL address in
the
Thanks.
>
> Tom
>
> - Original Message -
> From: "Chaikin, Yaakov Y (US SSA)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, December 08, 2003 5:59 PM
> Subject: How to prevent direct access to login.jsp
don't get many users for it to be an issue, and I
bumped up the memory on that web-server anyway.
Hope this helps. Thanks.
Tom
- Original Message -
From: "Chaikin, Yaakov Y (US SSA)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
gt; Subject: Re: How to prevent direct access to login.jsp
>
> On 12/08/2003 11:59 PM Chaikin, Yaakov Y (US SSA) wrote:
> > I realized that my user can mess himself by bookmarking the login
page
> > he is asked to log in. The login.jsp appears in the URL address in
the
> > bro
: <[EMAIL PROTECTED]>
> Sent: Monday, December 08, 2003 10:59 PM
> Subject: How to prevent direct access to login.jsp
>
>
> Hi,
>
> I realized that my user can mess himself by bookmarking the login page
> he is asked to log in. The login.jsp appears in the URL address in
ROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 08, 2003 10:59 PM
Subject: How to prevent direct access to login.jsp
Hi,
I realized that my user can mess himself by bookmarking the login page
he is asked to log in. The login.jsp appears in the URL address in the
browser...
Does an
On 12/08/2003 11:59 PM Chaikin, Yaakov Y (US SSA) wrote:
I realized that my user can mess himself by bookmarking the login page
he is asked to log in. The login.jsp appears in the URL address in the
browser...
Does anyone know how to avoid this? How do I block that URL for the user
and not for the
Tomcat 4.0.x, 4.1.x does a redirect to the login page specified in the
web.xml
Tomcat 5 does a forward so the login page url never reaches the browser.
There are a number of workarounds/hacks in the archives for tc4.
eg the thread "j_security_check - Bookmarking the login page. A teaser!"
Jon
Ja
At 01:54 AM 12/9/2003 -0500, you wrote:
> Put the file in something like WEB-INF/jsp/login.jsp. Then either
> configure form-based authentication for the path to that JSP
I tried doing that, but when I specified /WEB-INF/jsp/login.html in
FORM
/WEB-INF/jsp
/login.
> Put the file in something like WEB-INF/jsp/login.jsp. Then either
> configure form-based authentication for the path to that JSP
I tried doing that, but when I specified /WEB-INF/jsp/login.html in
FORM
/WEB-INF/jsp
/login.html
/WEB-INF/jsp
/lo
Put the file in something like WEB-INF/jsp/login.jsp. Then either
configure form-based authentication for the path to that JSP or have your
MVC framework serve up that JSP page upon access to a protected
resource. The "back" button will never know the exact location of the page.
Jake
At 05:5
Hi,
I realized that my user can mess himself by bookmarking the login page
he is asked to log in. The login.jsp appears in the URL address in the
browser...
Does anyone know how to avoid this? How do I block that URL for the user
and not for the server?
Thanks.
Yaakov Chaikin
Software Engineer
13 matches
Mail list logo
