OK, before I change my whole approach and use a filter or "loggedIn" flag on
al my JSP pages, can someone tell easily why this worked under 3.2 but
doesn't under 4.0.1?
Login.jsp looks like this:
==================================
<%@ page autoFlush="false" %>
<%
String name = request.getParameter("j_username");
String password = request.getParameter("j_password");
try
{
String path="/orders/login";
response.setStatus(302,"Found");
response.setHeader("Location", path);
RequestDispatcher rd = application.getRequestDispatcher(
"/j_security_check?j_username="+
request.getParameter("j_username")+
"&j_password="+request.getParameter("j_password"));
rd.include(request,response);
if (!response.isCommitted())
{
response.reset();
}
}
catch (Exception e)
{
}
%>
=================================
where orders/login is my servlet I want to run after the j_security_check
has been done. It worked before!
Gerry
----- Original Message -----
From: "Cox, Charlie" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, January 11, 2002 1:59 PM
Subject: RE: Securing access to pages
> a filter would work great for this. I am doing the exact same thing(minus
> jboss) by using a filter - it can be mapped differently than your
> servlets/jsp so it can span as much as it needs to. Just put something
into
> the session that the filter can check for, and if it is not there, the
> filter should redirect(or forward) to the login page.
>
> Charlie
>
> > -----Original Message-----
> > From: Mike Curwen [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 10, 2002 12:27 PM
> > To: Tomcat Users List
> > Subject: RE: Securing access to pages
> >
> >
> > How about placing a flag in the session, which every JSP (or
> > hopefully your
> > controller servlet) checks for first.
> >
> > If it finds the flag (say "loggedIn") then it continues
> > processing. If it
> > doesn't, it redirects to the login servlet. The login
> > servlet would then
> > place the "loggedIn" flag into the session, and either send
> > them to /index
> > or to the page they were trying to access before (which you cleverly
> > provided as a parameter when you redirected to the login servlet).
> >
> >
> > -----Original Message-----
> > From: Gerry Duhig [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 10, 2002 11:16 AM
> > To: [EMAIL PROTECTED]
> > Subject: Securing access to pages
> >
> >
> > This is an old question to which I had an answer that worked
> > under 3.2.3 but
> > now fails under 4.0.1
> >
> > Using Tomcat embedded in JBoss, I want to secure access to a
> > certain set of
> > pages and use the JBoss security system to carry out the
> > authentication.
> >
> > Standard stuff. But, as well as going through the JBoss
> > security check I
> > want to force a user to also go through my own Login servlet.
> >
> > If users only ever start at /index.htm this is easy, but if
> > they remember
> > and try to come back in half way down the site, the JBoss
> > security works,
> > but I need to "insert" a redirect to my login servlet.
> >
> > Does anyone know how to do this?
> >
> > Thanks
> >
> > Gerry
> >
> >
> >
> > --
> > To unsubscribe: <mailto:[EMAIL PROTECTED]>
> > For additional commands: <mailto:[EMAIL PROTECTED]>
> > Troubles with the list: <mailto:[EMAIL PROTECTED]>
> >
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
