struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Gordon <>
Subject Re: [struts] JAAS and Struts Re-authentication Question
Date Fri, 16 Nov 2007 22:12:08 GMT
Yea, but in this case, it may be something we need to live with.

The login page scriptlet code looks for the login credentials in the 
request and sets the appropriate form fields as well as a flag we use to 
indicate whether the form should be submitted immediately upon loading 
and in either case, it's a POST to j_security_check.  I'm not sure I'll 
be able to even configure a filter for what we need to do.  Am testing 
it now.  We may need to forgo JAAS entirely and use an action servlet 


Dale Newfield wrote:
> Except a redirect must be to a GET, not a POST, and it would be 
> unfortunate to include the login credentials in a GET as they would 
> then appear in history/logfiles...
> ...there's no way to do in code in your filter right where the problem 
> case is detected the same stuff you do in a script on your login form 
> page?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message