tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Purcell" <spurc...@vertisinc.com>
Subject Form-based authentication assistance
Date Fri, 25 Oct 2002 16:54:30 GMT
Hello,

I am trying to understand how the built-in forms validation works in tomcat 4.03 on win.

I believe that I have my web.xml file correct, (below). All appears good. If I put in a bad
username and passoword, I go to the error page, but if I successed, it throws up an error,
[Invalid direct reference to form login page].

Which makes sense, I guess it is submitting it back and the URL shows [http://localhost/altercast/j_security_check]

How do I forward the user to a good login page, if they pass the basic authentication?

My page is /loginpage.html
// here it is:
<FORM METHOD=POST ACTION=j_security_check>                      
<P><INPUT TYPE=TEXT NAME="j_username" VALUE="" SIZE=15>                    
<P><INPUT TYPE=PASSWORD NAME="j_password" VALUE="" SIZE=15>              
<INPUT TYPE=submit VALUE="  OK   ">                                  


Thanks,

    <security-constraint>
       <web-resource-collection>
          <web-resource-name>SecretProtection</web-resource-name>
          <url-pattern>/servlet/SalaryServlet</url-pattern>
          <url-pattern>/servlet/secret</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
       </web-resource-collection>
       <web-resource-collection>
          <web-resource-name>AuthenticationSnoop</web-resource-name>
          <url-pattern>/servlet/AuthenticationSnoop</url-pattern>
          <http-method>GET</http-method>
       </web-resource-collection>
       <web-resource-collection>
          <web-resource-name>loginpage.html</web-resource-name>
          <url-pattern>/altercast/loginpage.html</url-pattern>
          <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
          <role-name>manager</role-name>
       </auth-constraint>
    </security-constraint>

    <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
          <form-login-page>/loginpage.html</form-login-page>
          <form-error-page>/errorpage.html</form-error-page>
       </form-login-config>
    </login-config>

    <security-role>
       <role-name>manager</role-name>
    </security-role>
            

Scott Purcell | Developer | VERTIS | 555 Washington Ave. 4th Floor | St. Louis, MO 63101 |
T 314.588.0720 | F 314.588.0735 | spurcell@vertisinc.com | http://www.vertisinc.com

Vertis is a global powerhouse for integrated marketing and advertising solutions that seamlessly
combine advertising, direct marketing, media, imaging and progressive technology. Vertis'
products and services include: consumer and media research, media planning and placement,
creative services, digital media production, targetable insert programs, fully integrated
direct marketing programs, circulation-building newspaper products and eMarketing.




--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message