Thanks guys. Referer doesn't have the original URL in it either.
Jim > -----Original Message----- > From: Mike Jackson [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 3:40 PM > To: Tomcat Users List > Subject: RE: determining URL selected prior to redirection for > j_security_check? > > > If you're trying to do security you should remember that the > Referer header > can > be forged with little to no problem. > > --mikej > -=----- > mike jackson > [EMAIL PROTECTED] > > -----Original Message----- > From: Durham David Cntr 805CSS/SCBE > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 3:38 PM > To: Tomcat Users List > Subject: RE: determining URL selected prior to redirection for > j_security_check? > > > Yeah, I think you might be better off with implementing your > own security > mechanisms for this. > > Although, maybe request.getHeader("Referer") has something in it? > Interesting to note that this differs from javascripts > document.referrer > which has 4 r's. > > > -----Original Message----- > From: Stadter, Jim [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 5:13 PM > To: Tomcat Users List > Subject: RE: determining URL selected prior to redirection for > j_security_check? > > > > Not relevant because of the automatic redirection > by Tomcat, I assume? > > Thanks for taking a look though. > > Jim > > > -----Original Message----- > > From: Durham David Cntr 805CSS/SCBE > > [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 24, 2002 3:10 PM > > To: Tomcat Users List > > Subject: RE: determining URL selected prior to redirection for > > j_security_check? > > > > > > err... my bad, this is not relevant > > > > -----Original Message----- > > From: Durham David Cntr 805CSS/SCBE > > Sent: Wednesday, July 24, 2002 5:09 PM > > To: Tomcat Users List > > Subject: RE: determining URL selected prior to redirection for > > j_security_check? > > > > > > Yeah, there's a lot of ways to do that. > > > > do something like: > > > > if (!loggedIn) { > > response.sendRedirect("login.jsp?redirect=" + > > request.getRequestURI()); > > return; > > } > > > > > > then on the login form: > > <input type="hidden" name="redirect" value="<%= > > request.getParameter("redirect")%>"> > > or > > <form action="login_act.jsp?redirect=<%= > > request.getParameter("redirect") %>"> > > > > > > > > > > -----Original Message----- > > From: Stadter, Jim [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 24, 2002 4:55 PM > > To: [EMAIL PROTECTED] > > Subject: determining URL selected prior to redirection for > > j_security_check? > > > > > > Hi, > > > > My index.html page contains three links, two of > > which require authorization prior to access. I'm > > using form based authentication, and would like to > > customize the login.jsp page (which contains the j_security_check > > form) to provide an indication of the original link that was > > selected from > > index.html. Is there a way to determine the original link > > that was selected prior to the container redirecting to > > login.jsp? > > > > I'm using tomcat 4.0.3. > > > > Thanks for any insight. > > > > Jim > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
