tomcat-users mailing list archives

From "Ronnie" <>
Subject FORM Login Bypassed
Date Fri, 01 Aug 2003 16:34:57 GMT

I have this web application using FORM login access, but I am having a problem directing the
navigation to the defined login page when a user clicks on a secure link.

You see, I am using a DispatcherServlet as a navigation controller to direct users to the
correct page and the URL is coded as:

    <a href="dispatcher?action=admin">admin</a>

Where "dispatcher" is the URL name of the DispatcherServlet. In the servlet, "admin" is translated
to "/computers/admin/index.jsp" from values coded in web.xml.

Now when I declare the protected url-pattern as "/computers/admin/*" as below, when I click
on the above link the login page is bypassed and I can access the admin index page without
logging in.

        <web-resource-name>Administration functions</web-resource-name>
        <!-- <url-pattern>dispatcher?action=admin</url-pattern>    Does not work! -->
        <!-- Anyone with one of the listed roles may access this area -->

        <!-- HTTPS/SSL -->


To overcome this I had to hardcode the link in my webpage as:

    <a href="/Computers/computers/admin/index.jsp">admin</a>

I wish to keep my navigation based on logical names. Is there a work-around or solution to
this problem?

Ronnie Choo
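
Added example, not part of the original message and not Tomcat's code: a small Java model of how a container decides whether a `<security-constraint>` applies. It assumes the DispatcherServlet is mapped at the context-relative path `/dispatcher`, and it relies on the Servlet specification's rule that constraints are matched against the path of the client's request only, so a `RequestDispatcher` forward to a protected JSP is not re-checked. The class and method names are hypothetical.

```java
import java.util.List;

public class ConstraintMatch {
    // The container compares url-patterns with the context-relative path;
    // the query string is not part of that path.
    static String requestPath(String url) {
        int q = url.indexOf('?');
        return q < 0 ? url : url.substring(0, q);
    }

    // Servlet url-pattern rules modelled here: "/prefix/*", "*.ext", else exact match.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            return path.endsWith(pattern.substring(1));
        }
        return pattern.equals(path);
    }

    // Evaluated once, on the URL the browser asked for. The page a servlet
    // forwards to afterwards is never passed through this check.
    static boolean loginRequired(List<String> protectedPatterns, String clientUrl) {
        String path = requestPath(clientUrl);
        return protectedPatterns.stream().anyMatch(p -> matches(p, path));
    }

    public static void main(String[] args) {
        String viaDispatcher = "/dispatcher?action=admin";   // link from the post (assumed mapping)
        String direct = "/computers/admin/index.jsp";        // forward target from the post

        // Pattern as posted: covers the JSP path, not the dispatcher path.
        List<String> asPosted = List.of("/computers/admin/*");
        System.out.println("posted pattern, via dispatcher: " + loginRequired(asPosted, viaDispatcher));
        System.out.println("posted pattern, direct JSP:     " + loginRequired(asPosted, direct));

        // Commented-out pattern from the post: the compared path never contains '?'.
        List<String> withQuery = List.of("dispatcher?action=admin");
        System.out.println("query-string pattern:           " + loginRequired(withQuery, viaDispatcher));

        // Assumed alternative: constrain the servlet's own path (applies to every action value).
        List<String> servletPath = List.of("/dispatcher");
        System.out.println("servlet-path pattern:           " + loginRequired(servletPath, viaDispatcher));
    }
}
```

Because a url-pattern cannot distinguish `action=admin` from other actions, per-action access control with this navigation style has to be enforced inside the servlet (for example with `HttpServletRequest.isUserInRole`) before it forwards.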
