tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luke McMahon <mcmahonl...@hotmail.com>
Subject Problem with form based JSP authentication using Firefox with Tomcat
Date Tue, 04 Sep 2007 15:36:30 GMT
Hi there, I'm new to the list, just having some trouble getting my authentication to work with
Firefox. I'm trying to protect access to a member area in my new website, and am just using
the built in form based security for now. I'm using Tomcat 6.0.14, IE7 and Firefox 2.0.0.6.When
attempting to access the member area (/members/) the user is to be redirected to /login.jsp.
The error page is the same but with a parameter (/login.jsp?error=true). When using IE7, all
of this works just fine and after successful login, the user is sent to /members/When using
Firefox, when everything is freshly built it works the first time. If I then log out (using
session.invalidate() and being redirected to the home page) and log in again it stopsworking.
After a successful login the user is presented not with the /members/ page, but with the login
page again. Hitting refresh actually gives us the page we're after, so it seems to be caching
thelogin page 'as' the /members/ page.  ------------------------------------------Here is
a section from my web.xml:-------------------------------------------  <security-constraint>
  <display-name>Member Access</display-name>   <web-resource-collection>
   <web-resource-name>Member Access Area</web-resource-name>    <url-pattern>/members/*</url-pattern>
   <http-method>DELETE</http-method>    <http-method>GET</http-method>
   <http-method>POST</http-method>    <http-method>PUT</http-method>
  </web-resource-collection>   <auth-constraint>    <role-name>administrator</role-name>
   <role-name>member</role-name>    <role-name>student</role-name></auth-constraint>
 </security-constraint>  <login-config>   <auth-method>FORM</auth-method>
  <realm-name>Member Area</realm-name>   <form-login-config>    <form-login-page>/login.jsp</form-login-page>
   <form-error-page>/login.jsp?error=true</form-error-page>   </form-login-config>
 </login-config>  -----------------------------------------Here is my logout code:-----------------------------------------
<% session.invalidate();response.sendRedirect("/"); %>   ----------------------------------------Here
is my login code:-----------------------------------------
<form method="post" action='<%= response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username" /></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password" /></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In" /></td>
<td align="left"><input type="reset" /></td>
</tr>
</table></form> Note: I've tried putting the following code at the top of my login.jsp
and logout.jsp files but it doesn't seem to help:
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires", -1);
response.setHeader("Pragma","no-cache");
%> 
Thanks very much for any assistance,
Luke.        
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message