tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pěkník Jan <Pek...@webcom.cz>
Subject RE: j_security_check problem with 2nd login
Date Wed, 24 Apr 2002 14:37:38 GMT
Hi, 

> If now some user comes back to the login screen and makes an additional
> login, j_security_check can get the destination address from the referring
page.

AFAIK, TOMCAT doesn't take destination page from referrer. TC takes it from
session, where is
stored first page that needed authentication which user tried to open not
being authenticated. :)
You can check it - look what attributes are stored in session after trying
to open protected page, but before 
submitting login form.

	-Jan

-----Original Message-----
From: Mario Rodler [mailto:mario.rodler@gmx.net]
Sent: Wednesday, April 24, 2002 9:34 AM
To: tomcat-user@jakarta.apache.org
Subject: j_security_check problem with 2nd login


I'm working on a small Projekt which needs a form based login page. Using a
j_security_check form works fine.

I also have the problem, that a user must not come back to the login page
for a second login. If she does -> j_security_check will fail with a 404
error
page. (I know why).

Does anybody know a working solution?

On my way to find a correct solution, I've read the Sun Servlet Spec '
SRV.12.5.3 Form Based Authentication', and now I think the tomcat way  is
probably
not correct.

Instead of redirecting the browser to a Login-Form, tomcat should
include/forward the LoginForm. 

If now some user comes back to the login screen and makes an additional
login, j_security_check can get the destination address from the referring
page.

Any other ideas ???

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

---
Poíchozí zpráva neobsahuje viry.
Zkontrolováno antivirovým systémem AVG (http://www.grisoft.cz).
Verze: 6.0.351 / Virová báze: 197 - datum vydání: 19.4. 2002
 

---
Odchozí zpráva neobsahuje viry.
Zkontrolováno antivirovým systémem AVG (http://www.grisoft.cz).
Verze: 6.0.351 / Virová báze: 197 - datum vydání: 19.4. 2002
 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message