The sendRedirect() method is on the response object. Another method of interest will be the encodeRedirectURL() so that non-cookie users can still use your site. Something like:

resource = "somepage/somewhere.jsp";
response.sendRedirect(response.encodeRedirectURL(resource));

> -----Original Message-----
> From: Ronnie [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 01, 2003 11:59 AM
> To: Tomcat Users List
> Subject: Re: FORM Login Bypassed
>
>
> ----- Original Message -----
> From: "Mike Curwen" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> Sent: Saturday, August 02, 2003 12:45 AM
> Subject: RE: FORM Login Bypassed
>
>
> > When your dispatcher does the translation, does it forward or include
> > the 'actual' resource ? Meaning it takes place entirely server-side ?
>
> This is how I dispatched it:
>
> RequestDispatcher rd = request.getRequestDispatcher(resource);
>
> // Forward resource, resource is the URL. IE: "/computers/admin/index.jsp"
> try {
>     rd.forward(request, response);
> } catch (ServletException e) {...}
>
> > If you did a sendRedirect, that would then make the browser request
> > the protected resource directly, which would invoke the AUTH, if the
> > AUTH is configured correctly. And it looks right to me.
>
> How do you do a sendRedirect? Sorry, I'm still quite green in
> servlet programming...
>
> > What it sounds like is that once you are on the server-side (by
> > requesting the un-protected /dispatcher resource) that any server-side
> > forwards or includes are not being authenticated. I wasn't aware that
> > was the case.
> >
> > It works this way for filters though, but in the next servlet spec
> > (2.4) we'll have filter mappings being honoured for forwards and
> > includes as well (configurable).
>
> Thanks a lot for the help and info!
>
> > > -----Original Message-----
> > > From: Ronnie [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, August 01, 2003 11:35 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: FORM Login Bypassed
> > >
> > >
> > > Hi!
> > >
> > > I have this web application using FORM login access but I am having
> > > problem directing the navigation to the defined login page when user
> > > clicks on a secure link.
> > >
> > > You see, I am using a DispatcherServlet as a navigation controller
> > > to direct users to the correct page and the URL is coded as:
> > >
> > > <a href="dispatcher?action=admin">admin</a>
> > >
> > > Where "dispatcher" is the URL name of the DispatcherServlet. In the
> > > servlet, "admin" is translated to "/computers/admin/index.jsp" from
> > > values coded in web.xml.
> > >
> > > Now when I declare the protected url-pattern as
> > > "/computers/admin/*" as below, when I click on the above link the
> > > login page is bypassed and I can access the admin index page without
> > > logging in.
> > >
> > > <security-constraint>
> > >   <web-resource-collection>
> > >     <web-resource-name>Administration functions</web-resource-name>
> > >     <!-- <url-pattern>dispatcher?action=admin</url-pattern> Does not work! -->
> > >     <url-pattern>/computers/admin/*</url-pattern>
> > >   </web-resource-collection>
> > >   <auth-constraint>
> > >     <!-- Anyone with one of the listed roles may access this area -->
> > >     <role-name>admin</role-name>
> > >   </auth-constraint>
> > >
> > >   <!-- HTTPS/SSL-->
> > >   <user-data-constraint>
> > >     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > >   </user-data-constraint>
> > > </security-constraint>
> > >
> > > <login-config>
> > >   <auth-method>FORM</auth-method>
> > >   <form-login-config>
> > >     <form-login-page>dispatcher?action=adminLogin</form-login-page>
> > >     <form-error-page>dispatcher?action=adminLoginFail</form-error-page>
> > >   </form-login-config>
> > > </login-config>
> > >
> > > To overcome this I had to hardcode the link in my webpage as:
> > > <a href="/Computers/computers/admin/index.jsp">admin</a>
> > >
> > > I wish to keep my navigation based on logical names. Is there a
> > > work-around or solution to this problem?
> > >
> > >
> > > Regards,
> > > Ronnie Choo
> > > Singapore

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
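
The dispatcher from the thread, rewritten to redirect instead of forward (an added example, not code from the original messages). The class layout, the inline route table with its "home" entry, and the javax.servlet API with Java 9+ `Map.of` are assumptions; the thread loads its routes from web.xml.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical navigation controller, mapped to /dispatcher in web.xml.
public class DispatcherServlet extends HttpServlet {

    // Fixed allow-list of logical names -> context-relative paths (constructed
    // sample). Only these targets can be reached, so the "action" parameter
    // cannot be used to redirect a user to an arbitrary URL.
    private static final Map<String, String> ROUTES = Map.of(
            "admin", "/computers/admin/index.jsp",
            "home", "/index.jsp");

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String action = request.getParameter("action");
        // Map.of() maps reject null keys, so check for a missing parameter first.
        String target = (action == null) ? null : ROUTES.get(action);
        if (target == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // request.getRequestDispatcher(target).forward(...) stays inside the
        // server: the container checks <security-constraint> only against the
        // URL the client requested (/dispatcher), not against the forward
        // target, so /computers/admin/* would be served without a login.
        //
        // A redirect sends the browser back with a new request for the
        // protected URL itself, and the container applies the constraint
        // (FORM login, CONFIDENTIAL transport) to that request.
        String url = request.getContextPath() + target;

        // encodeRedirectURL() adds the session id for clients without cookies.
        response.sendRedirect(response.encodeRedirectURL(url));
    }
}
```

With this change the links can stay as `dispatcher?action=admin`, while the access decision is made by the container on the second request rather than skipped by the forward.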
