tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: in Tomcat container-based authN is there a way to redirect logins to a URL?
Date Fri, 08 Feb 2008 02:28:29 GMT

"Christopher Schultz" <> wrote in message
> Hash: SHA1
> Gary,
> Gary Weaver wrote:
> | I get the following error, because those two page elements are relative
> | to the webapp and not to the host part of the URL:
> |
> |  HTTP Status 404 - /caladmin/Shibboleth.sso/Login
> :(
> Yeah, the spec says:
> "The form-login-page element defines the location in the web
> ~    app where the page that can be used for login can be
> ~    found.  The path begins with a leading / and is interpreted
> ~    relative to the root of the WAR."

But more importantly, TC 5.5.x will do a forward to the login page, so it 
has to be served by Tomcat.

> Okay, there's one more trick you can try. Keep the form-login-config the
> way you have it in web.xml and add a filter (which may not work,
> either). Write a filter that always redirects to "/Shibboleth.sso/Login"
> (without adding the webapp's context path) no matter what, and install
> it so that it intercepts requests to "/Shibboleth.sso/Login" (which will
> include the context path).

This should work, but you need to configure it so that it intercepts 
forwards as well as top-level requests.

> If it works, it will take a request to /caladmin/Shibboleth.sso/Login
> (which is what Tomcat's authenticator generates) and perform a redirtect
> to the URL that you really want.
> A little hack-y, but it might work.
> Another non-filter option would be to create a JSP for the login that
> performs the redirect. That might be a bit cleaner because the logic
> will be easier to follow (rather than having to simply know that there's
> a filter out there doing evil things).

Actually, this is a little hack-y too.  Shibboleth would need to redirect to 
j_security_check if the app ever POSTs to a restricted page in order to 
replay the request with the original request body.

> Hope that helps,
> - -chris
> Version: GnuPG v1.4.8 (MingW32)
> Comment: Using GnuPG with Mozilla -
> cfMAoKGEct0vIG6Cnh5WJNMmyTyyi6R9
> =nuVm
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message