Query strings are not used in servlet mapping declarations.
-Tim
Ronnie wrote:
Hi!
I have this web application using FORM login access but I am having problem directing the navigation to the defined login page when user clicks on a secure link.
You see, I am using a DispatcherServlet as a navigation controller to direct users to the correct page and the URL is coded as:
<a href="dispatcher?action=admin">admin</a>
Where "dispatcher" is the URL name of the DispatcherServlet. In the servlet, "admin" is translated to "/computers/admin/index.jsp" from values coded in web.xml.
Now when I declare the protected url-pattern as "/computers/admin/*" as below, when I click on the above link the login page is bypassed and I can access the admin index page without logging in.
<security-constraint> <web-resource-collection> <web-resource-name>Administration functions</web-resource-name> <!-- <url-pattern>dispatcher?action=admin</url-pattern> Does not work! --> <url-pattern>/computers/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>admin</role-name> </auth-constraint>
<!-- HTTPS/SSL--> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
<login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>dispatcher?action=adminLogin</form-login-page> <form-error-page>dispatcher?action=adminLoginFail</form-error-page> </form-login-config> </login-config>
To overcome this I had to hardcode the link in my webpage as: <a href="/Computers/computers/admin/index.jsp">admin</a>
I wish to keep my navigation based on logical names. Is there a work-around or solution to this problem?
Regards, Ronnie Choo Singapore
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
