If you're trying to do security you should remember that the Referer header can be forged with little to no problem.
--mikej -=----- mike jackson [EMAIL PROTECTED] -----Original Message----- From: Durham David Cntr 805CSS/SCBE [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 3:38 PM To: Tomcat Users List Subject: RE: determining URL selected prior to redirection for j_security_check? Yeah, I think you might be better off with implementing your own security mechanisms for this. Although, maybe request.getHeader("Referer") has something in it? Interesting to note that this differs from javascripts document.referrer which has 4 r's. -----Original Message----- From: Stadter, Jim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 24, 2002 5:13 PM To: Tomcat Users List Subject: RE: determining URL selected prior to redirection for j_security_check? Not relevant because of the automatic redirection by Tomcat, I assume? Thanks for taking a look though. Jim > -----Original Message----- > From: Durham David Cntr 805CSS/SCBE > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 3:10 PM > To: Tomcat Users List > Subject: RE: determining URL selected prior to redirection for > j_security_check? > > > err... my bad, this is not relevant > > -----Original Message----- > From: Durham David Cntr 805CSS/SCBE > Sent: Wednesday, July 24, 2002 5:09 PM > To: Tomcat Users List > Subject: RE: determining URL selected prior to redirection for > j_security_check? > > > Yeah, there's a lot of ways to do that. > > do something like: > > if (!loggedIn) { > response.sendRedirect("login.jsp?redirect=" + > request.getRequestURI()); > return; > } > > > then on the login form: > <input type="hidden" name="redirect" value="<%= > request.getParameter("redirect")%>"> > or > <form action="login_act.jsp?redirect=<%= > request.getParameter("redirect") %>"> > > > > > -----Original Message----- > From: Stadter, Jim [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 4:55 PM > To: [EMAIL PROTECTED] > Subject: determining URL selected prior to redirection for > j_security_check? > > > Hi, > > My index.html page contains three links, two of > which require authorization prior to access. I'm > using form based authentication, and would like to > customize the login.jsp page (which contains the j_security_check > form) to provide an indication of the original link that was > selected from > index.html. Is there a way to determine the original link > that was selected prior to the container redirecting to > login.jsp? > > I'm using tomcat 4.0.3. > > Thanks for any insight. > > Jim > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
