Andoni:

Which version of Tomcat do you use?  On Tomcat 5.0.14, if you access a
protected page, the web browser displays the login page, but in the
address field, the browser continues to list the protected page address.
If you bookmark the page, your browser stores the address of the
protected page, not the login page.

As a consequence of the browser preserving the protected page address,
but displaying the login page, the browser continues to display links
and images relative to the protected page's URL.  As the protected page
may be located in any protected path, your login page may not properly
display images or import stylesheets located in other unprotected areas,
including those in the same directory as the login page.  In order to
guarantee that the login page refers correctly to these unprotected
objects, the login page must refer to them using addresses relative to
the application context (in the address
http://www.mytomcatsite.net/myapp, "myapp" is the context).  For
example, you could use the JSTL <c:url> tag to set the context address
(URL) and refer to objects relative to this address:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<%-- Calculate URLs relative to application context. --%>
<c:url var="contextUrl" value="/"/>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
    "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<link rel="stylesheet" href="${contextUrl}Style/General.css" type="text/css">
</head>
<body>

<a href="${contextUrl}View/index.jsp">
  <img src="${contextUrl}Image/menu_r1_c1.gif"
    width="80"
    height="80"/>
</a>

</body>
</html>

Unless you specify an absolute address, both JSTL tags <c:url> and
<c:redirect> form addresses relative to the application context.  These
come in handy in your login page.

Derek
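
Added example, not part of the original message and not Tomcat code: a small JavaScript audit that resolves a login page's references the way the browser does (against the requested protected address) and reports the ones that miss the unprotected assets. The host and context are the sample address from the message; the protected prefixes, requested pages and asset list are constructed assumptions.

```javascript
// Added example. Host and context come from the thread's sample address; the
// protected prefixes, requested pages and asset list are constructed values.
const ORIGIN = "http://www.mytomcatsite.net";
const PROTECTED_PREFIXES = ["/myapp/View/", "/myapp/Admin/"]; // assumed url-patterns
const PUBLIC_ASSETS = new Set([
  "/myapp/Style/General.css",
  "/myapp/Image/menu_r1_c1.gif",
]);

// The browser resolves references against the address it shows, which is the
// protected page that was requested, not the location of the login page.
function resolveAsset(ref, requestedPath) {
  return new URL(ref, ORIGIN + requestedPath).pathname;
}

// Return every (page, ref) pair where the login page's reference fails to
// reach a public asset, together with the reason.
function auditLoginRefs(refs, requestedPaths) {
  const findings = [];
  for (const page of requestedPaths) {
    for (const ref of refs) {
      const path = resolveAsset(ref, page);
      if (PUBLIC_ASSETS.has(path)) continue;
      const reason = PROTECTED_PREFIXES.some((p) => path.startsWith(p))
        ? "resolves inside a protected path"
        : "resolves to a missing resource";
      findings.push({ page, ref, path, reason });
    }
  }
  return findings;
}

// Constructed inputs: two protected pages at different directory depths.
const pages = ["/myapp/View/index.jsp", "/myapp/Admin/reports/list.jsp"];
const documentRelative = ["Style/General.css", "../Image/menu_r1_c1.gif"];
const contextRelative = ["/myapp/Style/General.css", "/myapp/Image/menu_r1_c1.gif"];

console.log(auditLoginRefs(documentRelative, pages)); // depth-dependent failures
console.log(auditLoginRefs(contextRelative, pages));  // no findings
```

The "../" reference works from one directory depth and fails from another, which is why only context-relative addresses hold for every protected page.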

-----Original Message-----
From: Andoni [mailto:[EMAIL PROTECTED] 
Sent: November 19, 2003 5:14 AM
To: Tomcat Users List
Subject: j_security_check - Bookmarking the login page. A teaser!


Hello,

I have recently switched my site to using form-based logins.

I found as soon as I started testing that there is a fundamental problem
with this approach.  When the user gets sent via a click to a protected
page they get the login screen.  The only problem arises when a user
bookmarks the login screen.  If they bookmark the login screen then use
this bookmark to bring it up, when they enter their details Tomcat
doesn't know where to bring them next and hence gives them an error
message.

I can use Apache rewriting or aliasing if you think either of these will
help solve the problem.

Any suggestions?  Surely this problem has been encountered by everyone
who has ever implemented form-based login, or do they just not?

Thanks,

Andoni
