tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eichfelder, Frank" <Frank.Eichfel...@t-systems.de>
Subject Form-Based-Authentication with Tomcat 4.0.1
Date Wed, 31 Oct 2001 10:43:14 GMT
Hi,

I have a problem with the form-based-authentication with Tomcat 4.0.1.

The problem is:
If I access a protected page for the first time, I am redirected to the login-page and asked
for username and password. If my input is correct, I am redirected to the desired page.

Now I close the browser (IE 5.5 - cookies are accepted) and restart it.
Now I try the same procedure, reenter my username and password, and get as result an empty
page. In the browser I can see that the correct URL was demanded, and if I press the Reload-Button,
then I see the desired page.
But this behaviour is not what I want, it should work automatically.

Can I do this via server.xml or web.xml settings? Or do I have to rewrite my html-pages?
I have already added
<META http-equiv="expires" content="0"> 
to the html-pages, without any effect.

To see the difference between first login and second login, I add an extract of the access-logfile:

First login:
27.0.0.1 - - [31/Oct/2001:11:07:30 1000] "GET /logintest/ HTTP/1.1" 302 654
127.0.0.1 - - [31/Oct/2001:11:07:30 1000] "GET /logintest/index.html HTTP/1.1" 304 -
127.0.0.1 - - [31/Oct/2001:11:07:32 1000] "GET /logintest/secure/securepage.html HTTP/1.1"
302 654
127.0.0.1 - - [31/Oct/2001:11:07:33 1000] "GET /logintest/LoginForm.html HTTP/1.1" 200 679
127.0.0.1 - - [31/Oct/2001:11:07:38 1000] "POST /logintest/j_security_check HTTP/1.1" 302
654
127.0.0.1 - tomcat [31/Oct/2001:11:07:38 1000] "GET /logintest/secure/securepage.html HTTP/1.1"
200 402

Second login:
127.0.0.1 - - [31/Oct/2001:11:07:50 1000] "GET /logintest/ HTTP/1.1" 302 654
127.0.0.1 - - [31/Oct/2001:11:07:50 1000] "GET /logintest/index.html HTTP/1.1" 304 -
127.0.0.1 - - [31/Oct/2001:11:07:51 1000] "GET /logintest/secure/securepage.html HTTP/1.1"
302 654
127.0.0.1 - - [31/Oct/2001:11:07:53 1000] "GET /logintest/LoginForm.html HTTP/1.1" 200 679
127.0.0.1 - - [31/Oct/2001:11:07:58 1000] "POST /logintest/j_security_check HTTP/1.1" 302
654
127.0.0.1 - tomcat [31/Oct/2001:11:07:58 1000] "GET /logintest/secure/securepage.html HTTP/1.1"
304 -

As you can see, the difference is in the last line of each section:
In the first time, tomcat returns HTTP-Code 200 (OK), the second time it returns 304 (Not
Modified).

It would be great if anybody would have any suggestions how I can change this behaviour.

Thanks,

Frank

----------------------------------------------------------
Frank Eichfelder, Dipl.-Inf.
T-Systems Nova GmbH       
Entwicklungszentrum Darmstadt
Bereich EP 1 - Bamberg
Memmelsdorfer Stra├če 209a, 96052 Bamberg
Germany
MailTo:frank.eichfelder@t-systems.de
----------------------------------------------------------


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message