tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: How does tomcat redirect from login
Date Sun, 18 Apr 2004 00:23:09 GMT
The root cause is the servlet spec does not mandate the exposure of the asset 
  which triggered the login form. That is to say - there is no way defined by 
the spec for the login form to what resource caused the login form to appear.

This stinks since it makes personalization of the login form a little more 


Jim Kennedy wrote:

> Actually, I'm stupid here.  j_security_check is not the issue.  It's
> actually deeper in the container.  Not a part of the motor I want to touch.
> -----Original Message-----
> From: Jim Kennedy [] 
> Sent: Saturday, April 17, 2004 2:08 PM
> To: 'Tomcat Users List'
> Subject: RE: How does tomcat redirect from login
> Thanks, I'm surprised there is no way to do this.  Why wouldn't they just
> pop it in the request.  Seems very easy.  I wonder if I could find the
> source for j_security_check and make the appropriate changes.  I don't want
> to reinvent J2ee security. 
> -----Original Message-----
> From: Tim Funk []
> Sent: Saturday, April 17, 2004 1:44 PM
> To: Tomcat Users List
> Subject: Re: How does tomcat redirect from login
> There is no way to do that. Your best alternative is to NOT use
> authentication/authorization via the spec and create some Servlet Filters to
> perform the appropriate authentication and authorization checks. That way,
> the filter can be smart enough to determine you user context and handle it
> approriately.
> The upside - is the path is very portable to othre conatiners. The downside
> is you reinvent some of the wheel. Lucky for you  - there are other projects
> on the Internet which use Filters for this very purpose  - so some of your
> work might already be done.
> -Tim
> Jim Kennedy wrote:
>>I am using form based login, which is working fine for me.  I would 
>>like to display different login content (on my login form) based on 
>>the desired intent of the user.  So , if the user wants to go to a 
>>certain section of my site that is secure, I would like to capture the 
>>redirect page (the url of the secure page) before the user logs in.
>>Knowing that URL will allow me to display specific content for that 
>>section.  I have searched the session and the request scopes for 
>>something that looks like a redirect page.  Can't find anything.  Not 
> a cookie.
>>So, how does tomcat store the intended (redirect) page during the 
>>login process for "form based login".  Where is it stored?  How can I 
> it?
>>Hope I don't need to hack the source for j_security_check.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message