tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anil Paul" <a_pa...@hotmail.com>
Subject Problem with POST and FORM based authentication
Date Sat, 02 Feb 2002 16:58:32 GMT
Dear all,
I am trying to apply a security contraint on POST requests to my servlet. I 
specifed it in my web.xml as:

<security-constraint>

   <web-resource-collection>
      <web-resource-name>posttest</web-resource-name>
      <url-pattern>/servlet/TestServlet</url-pattern>
      <http-method>POST</http-method>
   </web-resource-collection>

   <auth-constraint>...</auth-constraint>

   <user-data-constraint>...</user-data-constraint>

</security-constraint>

I defined the login config as follows:

<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>testrealm</realm-name>
   <form-login-config>
     <form-login-page>/login.html</form-login-page>
     <form-error-page>/error.html</form-error-page>
   </form-login-config>
</login-config>

Problem:

When I send a POST request to TestServlet from the brower (by submitting a 
form), I get the login.html page as expected. However, when I submit the 
username/password , doGet of TestServlet is getting called instead of 
doPost()!

To be sure that my settings are all right, I changed the login-config from 
FORM to BASIC, and everything worked fine. ie., after submitting the login 
page, doPost of the servlet is called. So, it's only with the FORM based 
authentication that there is a problem.

I also tested this configuration on JRun and it also has the same issue. Can 
somebody please throw some light on it? May be I am not doing something 
right.

Please help,
Paul.

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message