Re: Problem with the redirect after j_security_check

2023-07-24 Thread Christopher Schultz

Helge,

On 7/22/23 11:03, Wiemann, Helge (ESI) wrote:

we are using Tomcat 9 and the still the JDBC Realm for authentication.

Our starting URL (which is protected) ends with “/boot1#index”

The form authentication is then processed through the common url 
j_security_check.


But after a successful login, he is not redirecting to “boot1#index” but 
only to “boot1”, he is missing the #index but this is necessary for our 
application.


Any idea why he is removing this #index string or any possible solution 
to fix?


As others have said, the browser won't send the # or anything after it.

But if you know you need to send back a # in the redirect, then your 
application needs to generate that #fragment at the end of the URL.


You may wish to reconsider your use of the #fragment to maintain state, 
and instead use different paths, request parameters, cookies, or some 
other mechanism that HTTP *does* guarantee will be sent to the server 
along with the request.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Problem with the redirect after j_security_check

2023-07-22 Thread Shawn Heisey

On 7/22/23 12:03, Mark Thomas wrote:
Your target URL is invalid. No user agent should be sending the  
fragment (#index) part of the URL. At best Tomcat will ignore it. Later 
versions may even reject it (I have a memory of that but don't have easy 
acces to the source code to check right now).


What I have observed about #:

If you are working in a browser, the # character and anything after it 
are never sent to the webserver.  That value is completely handled 
within the browser, typically used to either anchor to a specific point 
in the web page or provide data to javascript code running in the browser.


Thanks,
Shawn

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Problem with the redirect after j_security_check

2023-07-22 Thread Mark Thomas



22 Jul 2023 17:03:50 Wiemann, Helge (ESI) 
:



Hi all,

we are using Tomcat 9 and the still the JDBC Realm for authentication.

Our starting URL (which is protected) ends with “/boot1#index”
The form authentication is then processed through the common url 
j_security_check.
But after a successful login, he is not redirecting to “boot1#index” 
but only to “boot1”, he is missing the #index but this is necessary for 
our application.


Any idea why he is removing this #index string or any possible solution 
to fix?


Your target URL is invalid. No user agent should be sending the  fragment 
(#index) part of the URL. At best Tomcat will ignore it. Later versions 
may even reject it (I have a memory of that but don't have easy acces to 
the source code to check right now).


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org