tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Konstantin Kolinko" <knst.koli...@gmail.com>
Subject Re: j_security_check
Date Sun, 03 Feb 2008 17:39:41 GMT
You do

1) GET call
>             int_result = httpClient.executeMethod( getMethod );
The server caches your request and returns html page that contains the
login form.

2) POST call
>             postMethod = new PostMethod( "https://localhost:8444/j_security_check" );
>             int_result = httpClient.executeMethod( postMethod );
You imitate posting the login form. If the credentials are OK, tomcat answers
with a redirect to the original requested address (1).

response.sendRedirect(response.encodeRedirectURL(requestURI));

3) When the next request comes, its url is compared against the one
that was requested at the first time. If there is a match, the
_original_ request is restored and processed, but the current one is
ignored.

Thus your second POST is ignored and a cached copy of the first GET is
used instead.

You may want to look in the sources of
org.apache.catalina.authenticator.FormAuthenticator that does the
trick.

It is by design. I do not know what was wrong with 5.0 that your code
was working there.

You should change your code so that all the information be included
with the first call to TestServlet.

And the second call to the TestServlet can be changed to be a simple
GET, with no parameters. Or may be you can throw it away at all, if
you set "postMethod.setFollowRedirects(true);" on your post to
j_security_check.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message