tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anil Paul" <a_pa...@hotmail.com>
Subject Re: Re: Problem with POST and FORM based authentication
Date Wed, 06 Feb 2002 14:49:12 GMT
Thanks for replying. I've checked this and the login page is fine.
======
<html>
<body>
<h4>Please login:</h4>
<form method="POST" action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
  <input type="submit" value="OK">
</form>
</body>
</html>
======

As I wrote earlier, it correctly authenticates the user but after 
authenticating, it does not forward (or redirect, whatever) to the servlet's 
POST method. Also, if I apply the contraint for GET, it is working fine.

Every thing is working fine if I use the BASIC method instread of FORM.

I suspect that it is a bug in tomcat implementation. Can somebody please 
verify it?

thanks,
Paul.


>This is possibly a shot in the dark. But in your login.html page
have you defined <FORM METHOD="POST"...>?
>Hope this helps.
>Thanks
>RS



"Anil Paul" <a_paul1@hotmail.com> on 02/02/2002 10:58:32 AM


To:   tomcat-user@jakarta.apache.org
cc:

Subject:  Problem with POST and FORM based authentication

Dear all,
I am trying to apply a security contraint on POST requests to my
servlet. I

specifed it in my web.xml as:

<security-constraint>

   <web-resource-collection>
      <web-resource-name>posttest</web-resource-name>
      <url-pattern>/servlet/TestServlet</url-pattern>
      <http-method>POST</http-method>
   </web-resource-collection>

   <auth-constraint>...</auth-constraint>

   <user-data-constraint>...</user-data-constraint>

</security-constraint>

I defined the login config as follows:

<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>testrealm</realm-name>
   <form-login-config>
     <form-login-page>/login.html</form-login-page>
     <form-error-page>/error.html</form-error-page>
   </form-login-config>
</login-config>

Problem:

When I send a POST request to TestServlet from the brower (by
submitting a
form), I get the login.html page as expected. However, when I submit
the
username/password , doGet of TestServlet is getting called instead
of
doPost()!

To be sure that my settings are all right, I changed the login-
config from
FORM to BASIC, and everything worked fine. ie., after submitting the
login
page, doPost of the servlet is called. So, it's only with the FORM
based
authentication that there is a problem.

I also tested this configuration on JRun and it also has the same
issue.
Can
somebody please throw some light on it? May be I am not doing
something
right.

Please help,
Paul.



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message