tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Bug or Feature? Additional parameters not passed for FORM login page in Tomcat 3.2 b7
Date Thu, 16 Nov 2000 22:23:44 GMT
"Xia, Alex" wrote:

> I have been trying to retrieve additional field information from the FORM
> login page without success. Basically I am using the following login.jsp but
> could not get "my_field".
>
> <html>
> <body>
> <h1>Login page for examples</h1>
>
> <form method="POST" action="j_security_check" >
>  <input type="text" name="j_username">
>  <input type="password" name="j_password">
>  <input type="text" name="my_field">
>  <input type="submit" name="j_security_check">
> </form>
>
> <%
>         System.out.println("my_field="+request.getParameter("my_field");
> %>
> </body>
> </html>
>
> The println statement always prints null.
>
> The same thing holds true if I try to use request.getParameter("my_field")
> inside the SimpleRealm.java.
>
> Nothing is said in the Servlet Spec for FORM based login NOT to pass
> additional fields. Is this a Tomcat bug?
>

No, you were right the first time ... it's a feature :-).

Why is this so?  Because the form is submitted to a URL that ends in
"/j_security_check".  Your page is called to create the original input form, but
the submit goes to an internal Tomcat component.

The whole idea of form based login is to make the user experience similar to
what happens when you use BASIC authentication:

* User submits a URL to a protected resource

* The login dialog "pops up"

* The server authenticates the user, and proceeds
  to display the *originally* requested page

The only difference is that form based login lets you impose your own look and
feel on the input form.  After the username and password are processed, control
proceeds to the originally requested page, not back to your login page.

>
> Thanks,
>
> Alex X. Xia

Craig McClanahan



Mime
View raw message