tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew R Feller" <afel...@lsu.edu>
Subject RE: j_security_check redirect after login
Date Thu, 08 Nov 2007 20:41:58 GMT
Christopher,

I'm sorry but maybe I am reading a different version of the servlet
specification than you: it only explains the case where you access a
container-managed resource and then login.

The question I had was what happens when you directly request the login
form and successfully login.  As you never requested a container-managed
resource, then how does it know where to send you.  David Smith atleast
understood it well enough to answer with the thought that the servlet
container wouldn't allow you to access the login form directly.  If that
is the case, then my worries are eased.  If not, then I will deal with
it then.

I've got enough information that I can work out the rest from here;
thanks to those that have given some useful information and not just
witty remarks.

Andrew R Feller, Analyst
Subversion Administrator
University Information Systems
Louisiana State University
afelle1@lsu.edu
(office) 225.578.3737

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Thursday, November 08, 2007 1:40 PM
To: Tomcat Users List
Subject: Re: j_security_check redirect after login

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew,

Andrew R Feller wrote:
> 3. It is unclear what happens in the event when a user requests the
> form-
>    login-page directly instead of going through a container-managed 
>    resource.
> 
>    How does j_security_check know where to redirect the user once he
has
>    authenticated successfully?

If you're still asking, please read section 12.5.3 of the servlet
specification: it tells you exactly what the servlet container is
expected to do. It's available online from Sun's website.

If you want to see /how/ it's done, you're going to have to dig around
in the Tomcat source code.

Th reason the code is not documented is because the specification
outlines the behavior: there's no reason to document the code, etc.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHM2Yq9CaO5/Lv0PARAhzaAJ99NhIYjUUlY0seR/GDElFtDiklJQCfZrDb
5ouywvbE1WtVoKVzOKrV0II=
=B+j0
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message