tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 5853] - Unable to get request parameters in the Error page for form based login
Date Tue, 30 Apr 2002 18:32:00 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5853>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5853

Unable to get request parameters in the Error page for form based login

craig.mcclanahan@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From craig.mcclanahan@sun.com  2002-04-30 18:31 -------
It was marked WONTFIX because any change along these lines would be nonportable
to any other container.

Form based login was designed (and specified in the Servlet Spec) in a manner
that emulates the user experience of using BASIC authentication:
* You request a protected resource
* A dialog box pops up asking you for the username and password
* (If you type them wrong, the box is redisplayed with an error message)
* When you are successfully authenticated, your *original*
  request is executed unchanged.

The only difference with form-based login is that you get to define the UI of
the login and error pages.  In neither of those pages do you have *any* access
to any aspect of the original request that triggered authentication.  The server
 has cached that away so that it can be replayed once you are successfully
authenticated (in BASIC it's actually the browser that does this, but the user
experience is identical).

If that is not sufficient for your requirements, you should use some technique
other than form based login for your app.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message