Thanks for the response Chris. You're right. Jetty does a redirect, so on the client-side the browser sees "/login.html?error=true". Since this isn't happening in Tomcat, I am unable to retrieve the query string client side. As you indicated my login page is static html and I am relying on client-side processing to interpret the query string. I ended up working around the issue by creating a loginerror.html which is identical to login.html except that I have added a hidden DIV to the loginerror.html. I can then search for the hidden DIV to determine if there was a login failure or not. Not pretty, but it works!
Thanks Shaun On Wed, Aug 25, 2010 at 10:17 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Shaun, > > On 8/23/2010 4:56 AM, Shaun Senecal wrote: >> I'm using FORM authentication, and everything seems to be working >> (logins are accepted, etc), except when there was an error the URL >> changes in the users browser to point to j_security_check. > > This is expected. > >> The >> contents of the redirect to j_security_check contains login.html, so >> the user is able to login as expected, but my "error=true" query >> string is not passed along. > > How are you checking? If you are forwarding to a .html page, you > probably don't have any dynamic content in there, and therefore have no > options for checking for things like request parameters. > >> Is there something obvious I am doing >> wrong here? I got it working under Jetty as a sanity test, but I need >> to get it working in Tomcat too... > > It's possible that Jetty performs a redirect (to login.html?error=true) > during a failed login and Tomcat performs a forward, which is entirely > server-side. The result is that the client never sees the "error=true" > and therefore only server-side components will be able to see it. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkx1F/oACgkQ9CaO5/Lv0PBinQCfYr3S/2sEresGix7Qcd/waAow > ltYAoIMMm/C9xFuMS5ixJ8jlsm1ensim > =cFJK > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
