Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 45516 invoked from network); 25 Nov 2006 11:02:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Nov 2006 11:02:46 -0000 Received: (qmail 81414 invoked by uid 500); 25 Nov 2006 11:02:40 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 81034 invoked by uid 500); 25 Nov 2006 11:02:38 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 81023 invoked by uid 99); 25 Nov 2006 11:02:38 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Nov 2006 03:02:38 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of olivier.nouguier@gmail.com designates 66.249.92.168 as permitted sender) Received: from [66.249.92.168] (HELO ug-out-1314.google.com) (66.249.92.168) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Nov 2006 03:02:11 -0800 Received: by ug-out-1314.google.com with SMTP id h2so914608ugf for ; Sat, 25 Nov 2006 03:01:46 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=aafDvHsPKTgtB19BoKFFXfiUoGH0Qen0v3aAnlqfuNQLx89xx92q20xESS2zMUEOtw7U6iLyuRunEfcPkp0/zxiquoDCH04LNx8fznkIVd1oaz11nRZvZR9NncF+HEVdzKpL1bjlQgy3XKrMkRzAHNpE/f4ldZopiHqfG6G9ExU= Received: by 10.67.21.11 with SMTP id y11mr8702396ugi.1164452506513; Sat, 25 Nov 2006 03:01:46 -0800 (PST) Received: by 10.66.250.2 with HTTP; Sat, 25 Nov 2006 03:01:46 -0800 (PST) Message-ID: <2e851c270611250301r4ca44fb0xfde48888aa546ed4@mail.gmail.com> Date: Sat, 25 Nov 2006 12:01:46 +0100 From: "olivier nouguier" To: "Tomcat Users List" Subject: Re: Realms In-Reply-To: <20061125002917.6726.qmail@web30007.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_90369_28978184.1164452506398" References: <2e851c270611241247q51999681kf52590b38abcb9fc@mail.gmail.com> <20061125002917.6726.qmail@web30007.mail.mud.yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_90369_28978184.1164452506398 Content-Type: text/plain; charset=WINDOWS-1252; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On 11/25/06, Asare Samuel wrote: > > Thank you for your speedly reply. Let me get this straight are you saying > you can't access the login page directly and that the only thing that sho= uld > be accessed directly is the item (ie page)your are protecting. Yes definitively, when using FORM scheme ! If so, you have hit the nail on the head. I am currently allowing the use= r > to access the login page first, and then the system passes users to the > secured page. This is wrong according to your mail??? Yap, all you have to is to point on a secured resource, the user will be redirected (internaly aka forward (tomcat > 5)) to the login page! sam > > > olivier nouguier wrote: > hi, > You are using the FORM authentication scheme! > This scheme imply that: > 1: a secured resource is accessed. > 2: login (error-page) is given > 3: login occures > 4: secured resource (1) is given (with a GET !) > > 408 error code may occurs if: > a - login page is access directly ( starting at stage 2). > b - session expired between stage 2 and 3. > > To avoid (a) you should set error-page hidden ( eg /WEB-INF/jsp/login.jsp= ) > if tomcat > 5 > The treat (b) you should have a custom 408 error page > > HIH > > On 11/24/06, Asare Samuel wrote: > > > > I have put a realm on a page on one of my Html pages using the FORM > based > > realm. 1-sometimes i get this message: message HTTP Status 408 - > > The time allowed for the login process has been exceeded. If you wish t= o > > continue you must either click back twice and re-click the link you > > requested or close and re-open your browser description The client did > > not produce a request within the time that the server was prepared to > wait > > (The time allowed for the login process has been exceeded. If you wish > to > > continue you must either click back twice and re-click the link you > > requested or close and re-open your browser). 2-If I have already > > loged-in and I login again, i get the following: > > > > HTTP Status 404 - /LeeOasis/html/j_security_check > > > > type Status report > > message /LeeOasis/html/j_security_check > > description The requested resource (/LeeOasis/html/j_security_check) is > > not available. > > > > Please help > > > > > > --------------------------------- > > Try the all-new Yahoo! Mail . "The New Version is radically easier to > use" > > =96 The Wall Street Journal > > > > > > -- > "Souviens-toi qu'au moment de ta naissance tout le monde =E9tait dans la > joie > et toi dans les pleurs. > Vis de mani=E8re qu'au moment de ta mort, tout le monde soit dans les ple= urs > et toi dans la joie." > > > Send instant messages to your online friends http://uk.messenger.yahoo.co= m > --=20 "Souviens-toi qu'au moment de ta naissance tout le monde =E9tait dans la jo= ie et toi dans les pleurs. Vis de mani=E8re qu'au moment de ta mort, tout le monde soit dans les pleur= s et toi dans la joie." ------=_Part_90369_28978184.1164452506398--