tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45710] FormAuthenticator - Request Parameters are lost after authentication
Date Tue, 09 Sep 2008 16:23:54 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45710





--- Comment #2 from Kamal <kamalasekar.r@gmail.com>  2008-09-09 09:23:53 PST ---
Thanks Mark. I found the problem with my code where we retrieve the Jsessionid
using an URL (that does include parameters) and the first request after the
Jsessionid (authenticated using j_security_check) includes the parameters.
Obviously, the request URLs are different now and the Tomcat 5.5 restores the
URL (redirect Location) with no parameters that was used to retrieve the
Jsessionid from the server.

In short, the approach I used is as follows (might help others looking for a
solution)

App A uses Form Authentication

1) Call the App A (running in Server 1) through URL (say with parameters)  from
App B (running in server 2)
2) The server returns the response with Jsessionid (iterate the headers/cookies
to retrieve one)
3) Append the Jsessionid to the j_security_check along with username/password
and the response header returns the same Jsessionid (authenticated by server)
4) Now, call the App A again with the same URL we used in Step 1.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message