Hi Adam,

I've put together a simple test for posting to a secured resource which
seems to throw up a problem.  Included files are the web app.  Based on
JBoss3.2.3 embedded tomcat4.1.

Martin

Index.html
<html>
<body>
                <a href="form.html">form</a>
</body>
</html>

form.html
<html>
        <body>
                <form action="process.jsp" method="post">
                        <input type="text" name="text1"/>
                        <input type="submit" value="OK"/>
                </form>
        </body>
</html>

login.html
<html>
<body>
<h4>Please login:</h4>
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="OK">
</form>
</body>
</html>

process.jsp
<html>
<body>
text1=<%=request.getParameter("text1")%>
</body>
</html>

WEB-INF\web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app >


   <session-config>
      <session-timeout>2</session-timeout>
   </session-config>

 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Signon</web-resource-name>
      <description>Declarative security tests</description>
      <url-pattern>/form.html</url-pattern>
      <url-pattern>/process.jsp</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>customer</role-name>
      <role-name>merchant</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <description>no description</description>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
                <form-login-page>/login.html</form-login-page>
                <form-error-page>/login.html</form-error-page>
</form-login-config>
  </login-config>

  </web-app>

WEB-INF\jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">

<jboss-web>

   <security-domain>java:/jaas/authtest</security-domain>

   <!-- Resource Environment References -->

   <!-- Resource references -->

   <!-- EJB References -->

</jboss-web>


-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED] 
Sent: 25 March 2004 15:10
To: Tomcat Users List
Subject: Re: post data through form based authentication example?

Martin,
I would check your problem again. That is not the normal behaviour of 
the container-managed login. It will cache the original request during 
the login and send it on to the originally requested URL.

Adam

On 03/25/2004 02:45 PM Martin Alley wrote:
> Hi,
> 
> Has anyone got an example of a servlet secured with form based
> authentication, where the request to the servlet is posted, from outside
> the secured area?
> 
> My actual situation is I already have a web application with form based
> auth working fine, but I have a problem when the user is at a web form,
> about to post the data when their session times out.  Then they submit
> the form, get sent to the login page, and then on to the original
> form processing servlet.  However the post data is now lost.
> 
> I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote
> connector.
> 
> Thanks in advance
> Martin
> PS I have also posted to JBoss
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


-- 
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

