Nicholas Sushkin wrote:
On Thursday 08 November 2007, you wrote:
The question I had was what happens when you directly request the login
form and successfully login.
Tomcat will give you an error page saying something along the lines the
login page was accessed directly. It won't let
From: Andrew R Feller [mailto:[EMAIL PROTECTED]
Subject: j_security_check redirect after login
How does j_security_check know where to redirect users to after they
have logged in?
Read the servlet spec; to quote from SRV.12.5.3.1:
If the form based login is invoked because of an HTTP
You never directly call j_security_check. Here's how the process flow
works:
1. browser attempts to load a protected page
2. tomcat saves the request and redirects the client to j_security_check
for authentication
3. on successful authentication, tomcat restores the original request.
So
PROTECTED]
(office) 225.578.3737
-Original Message-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 3:07 PM
To: Tomcat Users List
Subject: Re: j_security_check redirect after login
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew R Feller
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew R Feller wrote:
I'm sorry but maybe I am reading a different version of the servlet
specification than you: it only explains the case where you access a
container-managed resource and then login.
That would be the only case
From: Andrew R Feller [mailto:[EMAIL PROTECTED]
Subject: RE: j_security_check redirect after login
I'm sorry but maybe I am reading a different version of the servlet
specification than you: it only explains the case where you access a
container-managed resource and then login.
Form-based
Message-
From: Andrew R Feller [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 2:42 PM
To: Tomcat Users List
Subject: RE: j_security_check redirect after login
Christopher,
I'm sorry but maybe I am reading a different version of the servlet
specification than you: it only explains
[EMAIL PROTECTED]
(office) 225.578.3737
-Original Message-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 1:40 PM
To: Tomcat Users List
Subject: Re: j_security_check redirect after login
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew R
-Original Message-
From: Reich, Matthias [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 12:08 PM
To: Tomcat Users List
Subject: RE: j_security_check redirect after login
You should also have a look at
/org/apache/catalina/authenticator/FormAuthenticator.java
In this class you
that are protected, but it's likely they would get this error if they
tried to do what you're describing below.
-Original Message-
From: David Smith [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 1:45 PM
To: Tomcat Users List
Subject: Re: j_security_check redirect after login
On Thursday 08 November 2007, you wrote:
The question I had was what happens when you directly request the login
form and successfully login.
Tomcat will give you an error page saying something along the lines the
login page was accessed directly. It won't let you login successfully.
Tomcat
11 matches
Mail list logo
