tomcat-users mailing list archives

From "Homer, Brad" <>
Subject Solution suggestion for Invalid direct reference to form login page
Date Tue, 19 Sep 2006 15:18:26 GMT
Just some feedback for a new configurable feature which would solve a
common issue - you can take it or leave it.

Problem Description:
It's very easy to bookmark the form login page of a protected Tomcat
application.  Most users (even experienced ones) automatically assume
something is wrong with the Web application when subsequent visits to
the application produce an Error 400.

We have a demo application that we quickly put together on a Tomcat
server but we are now going to move it to WebSphere because the ease of
innocently generating error 400's is not acceptable to us.

We used Tomcat 4.1, but I see the Internet is filled with many Tomcat
developers complaining of this issue even with versions 5.5 and 6.

Solution Suggestion:
A configurable redirect to be performed under the covers when a user
(innocently) directly references the form login would eliminate this
issue.  For example, we could configure Tomcat to redirect to the root
of the domain if a user directly references the form login via a
bookmark.  When they click their bookmark, Tomcat would say to itself
"nope...not allowed - I'll redirect you to the root of the domain per my
default configuration setting." Then, Tomcat would say "nope...that's
protected - let me send you to the form login" - and voila - a happy

Brad Homer
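
An application-level approximation of the redirect suggested above, as an added example that is not part of the original message and is not Tomcat's own code. It assumes a Servlet 2.4 or later container that reaches the form login page through an internal forward, a login page at the hypothetical path `/login.jsp`, and the hypothetical class name `DirectLoginRedirectFilter`; on a container that instead redirects the browser to the login page, this filter would loop and must not be used.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Hypothetical filter, mapped in web.xml to the form login page only:
 *   <filter-mapping>
 *     <filter-name>directLoginRedirect</filter-name>
 *     <url-pattern>/login.jsp</url-pattern>   (assumed login page path)
 *   </filter-mapping>
 * With no <dispatcher> element the mapping covers REQUEST dispatches only,
 * so the container's internal forward to the login page bypasses the filter.
 */
public class DirectLoginRedirectFilter implements Filter {

    // Request attribute the container sets on a forwarded request (Servlet 2.4+).
    private static final String FORWARD_URI = "javax.servlet.forward.request_uri";

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.getAttribute(FORWARD_URI) != null) {
            // Forwarded here for a protected resource: show the login form.
            // This branch only matters if FORWARD is added to the mapping.
            chain.doFilter(req, res);
            return;
        }

        // Direct hit (bookmark or typed URL): send the browser to the context
        // root so the container starts a normal login flow with a saved request.
        // The target is built from the context path only, never from request
        // parameters, so the redirect cannot be steered to another site.
        response.sendRedirect(response.encodeRedirectURL(request.getContextPath() + "/"));
    }

    public void destroy() { }
}
```

The context root must itself be covered by a security constraint for the second step of the suggestion (being sent on to the form login) to happen.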
