Hi!
I have this web application using FORM login access but I am having a problem directing
the navigation to the defined login page when a user clicks on a secure link.
You see, I am using a DispatcherServlet as a navigation controller to direct users to
the correct page and the URL is coded as:
<a href="dispatcher?action=admin">admin</a>
Where "dispatcher" is the URL name of the DispatcherServlet. In the servlet, "admin"
is translated to "/computers/admin/index.jsp" from values coded in web.xml.
Now when I declare the protected url-pattern as "/computers/admin/*" as below, when I
click on the above link the login page is bypassed and I can access the admin index
page without logging in.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Administration functions</web-resource-name>
    <!-- <url-pattern>dispatcher?action=admin</url-pattern> Does not work! -->
    <url-pattern>/computers/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>admin</role-name>
  </auth-constraint>
  <!-- HTTPS/SSL-->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>dispatcher?action=adminLogin</form-login-page>
    <form-error-page>dispatcher?action=adminLoginFail</form-error-page>
  </form-login-config>
</login-config>
To overcome this I had to hardcode the link in my webpage as:
<a href="/Computers/computers/admin/index.jsp">admin</a>
I wish to keep my navigation based on logical names. Is there a work-around or
solution to this problem?
Regards,
Ronnie Choo
Singapore
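
Added example, not part of the original post: the container checks a <security-constraint> only against the URL the client requests, and a RequestDispatcher forward is not re-checked, so a dispatcher that keeps logical names has to enforce the rule itself before forwarding. The sketch assumes the servlet forwards to its targets, that each action name is a servlet init-param holding the target path, and that the class name and PROTECTED_PREFIX constant are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical dispatcher. Assumes each logical action name is a servlet
// init-param in web.xml whose value is the context-relative target path.
public class DispatcherServlet extends HttpServlet {

    // Assumed constant, copied from the <url-pattern> in the post.
    private static final String PROTECTED_PREFIX = "/computers/admin/";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String action = req.getParameter("action");
        String target = (action == null) ? null : getInitParameter(action);
        if (target == null || !target.startsWith("/")) {
            // Unknown action: never build a path from request input.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (target.startsWith(PROTECTED_PREFIX) && !req.isUserInRole("admin")) {
            // A forward() here would skip the <security-constraint>.
            // Redirecting makes the browser issue a new request for the
            // protected URL, which the container intercepts for FORM login
            // (or answers with 403 for a logged-in user without the role).
            resp.sendRedirect(
                    resp.encodeRedirectURL(req.getContextPath() + target));
            return;
        }
        // Unprotected target, or caller already holds the admin role.
        req.getRequestDispatcher(target).forward(req, resp);
    }
}
```

Links in the pages can stay as dispatcher?action=admin; only unauthenticated callers are bounced through the physical URL so that the declarative constraint and the CONFIDENTIAL transport guarantee apply.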