tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Redirection loop
Date Thu, 26 Jun 2003 05:25:29 GMT

"Jon Haugsand" <Jon-H.Haugsand@norges-bank.no> wrote in message
news:m33chynzwb.fsf@norges-bank.no...
> * Tim Funk
> > There is probably a security constraint on tlgLogin.jsp and the login
> > page is tlgLogin.jsp which invokes the security constraint and the
> > login page is tlgLogin.jsp which invokes the security constraint and
> > the login page is tlgLogin.jsp which invokes the security constraint
> > ...
> >
> > Or tlgLogin.jsp is badly coded to perform a redirect to itself based
> > on a wacky condition.
>
> Hmm, it looks reasonable, but shouldn't tomcat figure out that it you
> somehow must get through to the guard that identifies people?  Here is
> perhaps the relevant parts of web.xml.  By the way, I had Tomcat 3.2.4
> running, but am now upgrading to 4.1.24

This should make you happy, since, indeed, TC 4.1.x will figure this out and
allow access to the form-login-page even if it is otherwise protected.  The
TC 3.x line doesn't have this feature (although it would be easy enough to
add to TC 3.3.2 if anyone actually wanted it :).

>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name> Tilgangsystem</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>superuser</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/jsp/tilganger/tlgLogin.jsp</form-login-page>
> <form-error-page>/jsp/tilganger/tlgError.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> --
>  Jon Haugsand, Jon-H.Haugsand@norges-bank.no
>  http://www.norges-bank.no




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message