RE: Invalid direct reference to form login page

2003-07-21 Thread Abid Ali Teepo

Usually you are interested in some secured resource, and you try to get it.
Because it's secured you will be redirected to a login-page, and after authenticating 
yourself you will be redirected to the requested resource.

If you go directly to the login-page, where will it redirect you when you are logged in?

This is the cause ...

Abid

-Original Message-
From: Christian J. Dechery - ACCENTURE
[mailto:[EMAIL PROTECTED]
Sent: 21. juli 2003 16:09
To: Tomcat Users List (E-mail)
Subject: Invalid direct reference to form login page


Sometimes I get this error message... can someone give me a hint on the
probable causes??

___
:: Christian J. Dechery 
:: Accenture do Brasil 
:: CHT - Solutions Operations 
:: [EMAIL PROTECTED] 

 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: invalid direct reference to form login page...

2003-06-28 Thread Stefan Radzom
Your problem has just recently been discussed on this list. Ben Jessel
proposed a workaround which I attached below. Hopefully, this might work for
you.

Stefan


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Sent: Friday, June 27, 2003 1:42 PM
 To: [EMAIL PROTECTED]
 Subject: Possible workaround for invalid direct reference to 
 login page
 
 
 Java Authentication with tomcat relies on realms. If you access a page
 protected by that realm you get directed to the login page.
 However, it is possible to go directly to the login page (this can happen
 when users bookmark the login page inadvertently).
 
 This happens in two scenarios:
 
 1) The user is already logged in.
 2) The user is not logged in.
 
 If you authenticate yourself once you have gone directly to the login
 page, you get an "invalid direct reference" error. Fair enough, the login
 page is trying to redirect to itself. Now, I tried to work around this by
 checking if the session is null, and if it is, redirecting to some
 protected page, e.g. protected/index.jsp. No luck. It seems that a session
 is implicitly created, and a new session id gets created.
 
 So I've tried a cookie strategy:
 
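 <%
 // No cookies at all: the login page was requested directly.
 if ( request.getCookies()==null ) {
     response.sendRedirect("//jsp/protected/index.jsp");
     return;
 }
 // Already authenticated: skip the login form.
 if ( request.getRemoteUser()!=null )
 {
     response.sendRedirect("/x/jsp/protected/index.jsp");
     return;
 }
 %>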
 
 i.e., we won't have a cookie if we've gone directly to the login page. But
 we will have if we've tried to access a protected page and then we've been
 forwarded to a login page; tomcat will give us a cookie.
 
 Now if we're already logged in (which we check with getRemoteUser()),
 then we just forward the user to an index page.
 
 This seems o.k. However my index page actually includes my login page! I'm
 planning to get around this with some logic that only includes the login
 page excerpt if we are not logged in.
 
 Ben
 


 -Original Message-
 From: Brian Kuhn [mailto:[EMAIL PROTECTED] 
 Sent: Sunday, June 29, 2003 1:16 AM
 To: [EMAIL PROTECTED]
 Subject: invalid direct reference to form login page...
 
 
 Hi all,
 
 I've set up Tomcat (4.1.24) to do form based authentication. Everything
 works great, except I've had to deal with a lot of users that type in the
 url I've given them, get redirected to the login page, and bookmark the
 login page before logging in. Later, when they use the bookmark, they get
 sent to the login page, but get an "Invalid direct reference to form login
 page..." message once they log in.
 
 I understand why this happens, but don't know what to do about it. Is there
 a way to specify a default page to go to when the login page is requested
 directly?
 
 Thanks,
   Brian Kuhn
   Telscape Communications
 
 
 
 
 
 
 






Re: Invalid direct reference to form login page

2002-05-10 Thread David M. Karr

>>>>> "Lisa" == Lisa van Gelder [EMAIL PROTECTED] writes:

Lisa> Here is the bit of my web.xml file that deals with login. The whole of my
Lisa> app should be protected.

Lisa> My code never redirects, it leaves all the authentication up to tomcat.

Lisa>   <security-constraint>
Lisa>     <web-resource-collection>
Lisa>       <web-resource-name>My Application</web-resource-name>
Lisa>       <url-pattern>/*</url-pattern>
Lisa>       <http-method>POST</http-method>
Lisa>       <http-method>GET</http-method>
Lisa>     </web-resource-collection>
Lisa>     <auth-constraint>
Lisa>       <role-name>myUser</role-name>
Lisa>     </auth-constraint>
Lisa>   </security-constraint>
Lisa>   <login-config>
Lisa>     <auth-method>FORM</auth-method>
Lisa>     <form-login-config>
Lisa>       <form-login-page>/login/login.jsp</form-login-page>
Lisa>       <form-error-page>/login/login-failure.jsp</form-error-page>
Lisa>     </form-login-config>
Lisa>   </login-config>

I believe this might be due to the fact that you've declared the login
directory as part of the protected resource.  Try creating a subdirectory of
the application root where all the pages go, except for the login and error
pages, then specify that subdirectory as your protected resource.

-- 
===
David M. Karr  ; Java/J2EE/XML/Unix/C++
[EMAIL PROTECTED]
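
The layout David suggests, written out as a web.xml fragment (an added example, not posted by anyone in the thread; the `/protected/` directory name is an assumption, the role and login paths are the ones Lisa posted). It also leaves out the `<http-method>` entries, because a constraint that lists methods covers only the methods listed.

```xml
<!-- Added example: fragment of WEB-INF/web.xml.
     Assumes the application's pages have been moved under a hypothetical
     /protected/ directory, with the login pages left in /login/. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>My Application</web-resource-name>
    <!-- Only the subdirectory is constrained, so /login/login.jsp and
         /login/login-failure.jsp are no longer part of the protected
         resource. -->
    <url-pattern>/protected/*</url-pattern>
    <!-- No <http-method> elements: when none are listed the constraint
         applies to every HTTP method, not just GET and POST. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>myUser</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Same login and error pages as in the posted configuration. -->
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/login-failure.jsp</form-error-page>
  </form-login-config>
</login-config>
```

Anything left outside `/protected/` is served without authentication under this layout, so every page that needs the `myUser` role has to live under the constrained directory.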

