tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ricardo GarcĂ­a <rgar...@latinia.com>
Subject FORM based authentication referer
Date Wed, 21 Jan 2004 16:30:48 GMT
Here's some starting context for my question ....

I have a war file that has been configured to use FORM based authentication.
I have set the <form-login-page> in the web.xml of the war file to point to
a jsp file in my war file.  When a user invokes any jsp without being logged 
in the login jsp is displayed.  The user enters the
userid/password submits the page to j_security_check, is validated and
redirected to the requested page.

My question is ...

Has anyone ever tried discovering the page that the user is trying to access
from within the jsp page referenced as the <form-login-page>?  I have tried
checking the HTTP headers and session, but have not discovered it being
saved anywhere.  Usually when a page invokes another page the HTTP header
REFERER exists with the URL to the previous page.  I have noticed that once
the user posts the login form on my login.jsp to j_security_check and is
authenticated they are redirect to the correct location .. correct location
being back to the page they wanted to access originally.  This would mean
that it has to be somewhere, but where??


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message