tomcat-users mailing list archives

From "Craig Berry" <Craig.Be...@portblue.com>
Subject RE: tomcat global login
Date Wed, 16 Apr 2003 16:31:39 GMT
You don't ever link directly to the login page when using form-based
authentication.  Instead, you link to the protected resource that you
want them to arrive at after authentication; if they are not yet
authenticated, the security system intervenes and redirects them to the
login page, which submits to j_security_check, which (if all goes well)
redirects back to the original target page.

Now here's a question:  Suppose the original page in the process above
was POSTing data to the protected page.  (This could happen not only
from an unprotected page's form, but from a protected-page form if the
session times out.)  Is there any way to keep the POSTed data from being
lost during the authentication redirects?

-----Original Message-----
From: Riyaz Mansoor [mailto:rmanchu@yahoo.com] 
Sent: Wednesday, April 16, 2003 1:59 AM
To: tomcat-user@jakarta.apache.org
Subject: tomcat global login



Hi

I'm using SingleSignOn for users to authenticate across multiple
applications.

I can direct a user from a protected page NOT on the same context as the
login page, to the login page. However, after the login info is filled
and submitted I get the following error.


HTTP Status 400 - Invalid direct reference to form login page
------------------------------------------------------------------------

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page).

------------------------------------------------------------------------
Apache Tomcat/4.1.18-LE-jdk14


Below is the login configuration for pages in the same context as the
login page. This configuration works fine.
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>

Below is the login configuration for pages NOT in the same context as
the login page. This configuration has the problem I described above.
    <form-login-config>
      <form-login-page>/../auth/login.jsp</form-login-page>
      <form-error-page>/../auth/error.jsp</form-error-page>
    </form-login-config>


How can I solve this?

Please help.

riyaz


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
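
The flow described in the reply and the 400 from the original post, as an added example (not part of either message and not Tomcat's code): a simplified Java model in which each context keeps its own saved request. The context names /shop and /auth, the session ids and the cross-context case 3 are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of container-managed FORM login; not Tomcat source code.
public class FormLoginModel {

    // Each web application (context) keeps its own sessions, so a request
    // saved by one context is invisible to another.
    static class Context {
        final String path;
        final Map<String, String> savedRequest = new HashMap<>(); // session id -> original URL

        Context(String path) { this.path = path; }

        // Unauthenticated hit on a protected resource: remember it, show the login page.
        String requestProtected(String sessionId, String url) {
            savedRequest.put(sessionId, url);
            return "login page " + path + "/login.jsp";
        }

        // Login form submitted to this context's j_security_check.
        String securityCheck(String sessionId, boolean credentialsOk) {
            if (!credentialsOk) {
                return "error page " + path + "/error.jsp";
            }
            String original = savedRequest.remove(sessionId);
            if (original == null) { // nothing to return to: the form was reached directly
                return "400 Invalid direct reference to form login page";
            }
            return "redirect to " + original;
        }
    }

    public static void main(String[] args) {
        Context shop = new Context("/shop"); // hypothetical protected application
        Context auth = new Context("/auth"); // context that holds the shared login page

        // 1. Link to the protected resource; the container interposes the login page.
        System.out.println(shop.requestProtected("s1", "/shop/orders"));
        System.out.println(shop.securityCheck("s1", true));

        // 2. Login form opened directly: no saved request exists.
        System.out.println(shop.securityCheck("s2", true));

        // 3. Request saved by /shop, form handled by /auth (assumed cross-context setup).
        shop.requestProtected("s3", "/shop/orders");
        System.out.println(auth.securityCheck("s3", true));
    }
}
```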