Return-Path: <Craig.McClanahan@eng.sun.com>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 43569 invoked from network); 16 Nov 2000 22:22:31 -0000
Received: from lukla.sun.com (192.18.98.31)
  by locus.apache.org with SMTP; 16 Nov 2000 22:22:31 -0000
Received: from centralmail1.Central.Sun.COM ([129.147.62.10])
	by lukla.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id PAA28348
	for <tomcat-user@jakarta.apache.org>; Thu, 16 Nov 2000 15:22:27 -0700 (MST)
Received: from esun1as-mm. (esun1as-mm.Central.Sun.COM [129.147.34.144])
	by centralmail1.Central.Sun.COM (8.9.3+Sun/8.9.3/ENSMAIL,v1.7) with SMTP id
 PAA02484
	for <tomcat-user@jakarta.apache.org>; Thu, 16 Nov 2000 15:22:27 -0700 (MST)
Received: from eng.sun.com by esun1as-mm. (SMI-8.6/SMI-SVR4)
	id PAA20028; Thu, 16 Nov 2000 15:34:20 -0700
Message-ID: <3A145E70.958741C4@eng.sun.com>
Date: Thu, 16 Nov 2000 14:23:44 -0800
From: "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
X-Mailer: Mozilla 4.75 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: tomcat-user@jakarta.apache.org
Subject: Re: Bug or Feature? Additional parameters not passed for FORM login
 page
 in Tomcat 3.2 b7
References: <23D1CA44E737D2119A6100A0C9D60B7D928E37@sonusdc2.sonusnet.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

"Xia, Alex" wrote:

> I have been trying to retrieve additional field information from the FORM
> login page without success. Basically I am using the following login.jsp but
> could not get "my_field".
>
> <html>
> <body>
> <h1>Login page for examples</h1>
>
> <form method="POST" action="j_security_check" >
>  <input type="text" name="j_username">
>  <input type="password" name="j_password">
>  <input type="text" name="my_field">
>  <input type="submit" name="j_security_check">
> </form>
>
> <%
>         System.out.println("my_field="+request.getParameter("my_field");
> %>
> </body>
> </html>
>
> The println statement always prints null.
>
> The same thing holds true if I try to use request.getParameter("my_field")
> inside the SimpleRealm.java.
>
> Nothing is said in the Servlet Spec for FORM based login NOT to pass
> additional fields. Is this a Tomcat bug?
>

No, you were right the first time ... it's a feature :-).

Why is this so?  Because the form is submitted to a URL that ends in
"/j_security_check".  Your page is called to create the original input form, but
the submit goes to an internal Tomcat component.

The whole idea of form based login is to make the user experience similar to
what happens when you use BASIC authentication:

* User submits a URL to a protected resource

* The login dialog "pops up"

* The server authenticates the user, and proceeds
  to display the *originally* requested page

The only difference is that form based login lets you impose your own look and
feel on the input form.  After the username and password are processed, control
proceeds to the originally requested page, not back to your login page.

>
> Thanks,
>
> Alex X. Xia

Craig McClanahan