From tomcat-dev-return-26641-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org Thu Aug 30 03:43:35 2001 Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 10316 invoked by uid 500); 30 Aug 2001 03:43:34 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 10298 invoked from network); 30 Aug 2001 03:43:33 -0000 Message-ID: <3956BA03E660D411A3F60008C707D948062469FD@dfwex02.allegiancetelecom.com> From: "Bragg, Casey" To: "'tomcat-dev@jakarta.apache.org'" Subject: Bug in FormAuthenticator? Date: Wed, 29 Aug 2001 22:37:16 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I think the following action causes a bug : Tomcat 4.0b7 (not specific to this release) JDBCRealm (not specific to this realm) FormAuthenticator 1)Go to the URL of the specified login page (go directly to it). 2)Login correctly. 3)You will be sent to /null or /context/null. (unless my configuration is screwed up) I think the problem is in the savedRequestURL method. I don't know if this solution is mentioned in the spec, but it seems pretty important. This is how I think the code should be : private String savedRequestURL(Session session) { ...snip if (saved == null) { return (null); } else { // where config.getDefaultPage returns a page URL to // go to if the Login page was requested directly // (no request was saved). I suppose this would be set // the same way the LoginPage URL was specified return config.getDefaultPage(); } ...snip }