tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven J. Owens" <puffm...@darksleep.com>
Subject Re: Form based security
Date Fri, 14 Feb 2003 22:42:07 GMT
On Fri, Feb 14, 2003 at 03:42:21PM -0700, Sean Dockery wrote:
> Redirecting all 400 errors to your index page is a questionable practice
> because not all 400 (SC_BAD_REQUEST) errors are "Invalid direct reference
> ..." errors.  I wish that there was a legitimate configuration change to
> enable you to bookmark a login.jsp page--such as a j_success_url parameter
> which instructs Tomcat where to send users if not doing an automated login
> process.

     One thought I had, which I have yet to follow up on, is to insert
some sort of filter, either before the redirect-to-login-form or after
the login (but before the "invalid direct reference" error gets
thrown) that redirects the user to the welcome page.

Steven J. Owens
puff@darksleep.com

"I'm going to make broad, sweeping generalizations and strong,
 declarative statements, because otherwise I'll be here all night and
 this document will be four times longer and much less fun to read.
 Take it all with a grain of salt." - Me at http://darksleep.com


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message