Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 57158 invoked from network); 5 Feb 2008 21:27:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Feb 2008 21:27:21 -0000 Received: (qmail 51205 invoked by uid 500); 5 Feb 2008 21:27:01 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 51180 invoked by uid 500); 5 Feb 2008 21:27:01 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 51169 invoked by uid 99); 5 Feb 2008 21:27:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Feb 2008 13:27:01 -0800 X-ASF-Spam-Status: No, hits=3.5 required=10.0 tests=HTML_MESSAGE,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [206.190.38.95] (HELO web50608.mail.re2.yahoo.com) (206.190.38.95) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 05 Feb 2008 21:26:32 +0000 Received: (qmail 74511 invoked by uid 60001); 5 Feb 2008 21:26:39 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=sdoOQ8vFtY1NYG2UE5tXzCLtPnCrsqKeIqGLHgTLmhByh1QpCeFD4XtzmBPcnp85/L3fUFJB0fBUnM+fnUTnclABTRcq9Nwf5PQso+pbGW7Hq7kFXmGjFdKyN3jb527+Lm/I/JUM6rtyl7cYQkQiJASNgzz/H5tSKHp3e1h+ce8=; Received: from [171.69.43.124] by web50608.mail.re2.yahoo.com via HTTP; Tue, 05 Feb 2008 13:26:38 PST X-Mailer: YahooMailRC/818.31 YahooMailWebService/0.7.162 Date: Tue, 5 Feb 2008 13:26:38 -0800 (PST) From: Ashok Venkat Subject: Re: j_security_check To: Tomcat Users List MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-877033285-1202246798=:74320" Message-ID: <71626.74320.qm@web50608.mail.re2.yahoo.com> X-Virus-Checked: Checked by ClamAV on apache.org --0-877033285-1202246798=:74320 Content-Type: text/plain; charset=us-ascii Thanks much. I swapped calls 1 & 3, it works just fine. ----- Original Message ---- From: Pid To: Tomcat Users List Sent: Sunday, February 3, 2008 3:33:35 PM Subject: Re: j_security_check The second POST should still occur, but it should occur after the initial GET is recovered after authentication. Your confusion is that you are seeing the 1st GET, when you expect (incorrectly) the POST. When you make the first request, you are not authenticated, which causes the 401 & the requirement for auth. However, when you *do* successfully complete auth, you are then directed to the result of the initial request - which is a GET, with no params. As Konstantin also explained, your first request could be the POST, complete with params, as that is where you will end up, after auth. p Ashok Venkat wrote: > Thanks for the detailed explanation, as you mentioned it seems that the second request is being ignored ,but i am not clear how come the original request is matching with the second request? The original is GET and the second one is POST? does tomcat compare just the URL strings? > > > ----- Original Message ---- > From: Konstantin Kolinko > To: Tomcat Users List > Sent: Sunday, February 3, 2008 9:39:41 AM > Subject: Re: j_security_check > > You do > > 1) GET call >> int_result = httpClient.executeMethod( getMethod ); > The server caches your request and returns html page that contains the > login form. > > 2) POST call >> postMethod = new PostMethod( "https://localhost:8444/j_security_check" ); >> int_result = httpClient.executeMethod( postMethod ); > You imitate posting the login form. If the credentials are OK, tomcat answers > with a redirect to the original requested address (1). > > response.sendRedirect(response.encodeRedirectURL(requestURI)); > > 3) When the next request comes, its url is compared against the one > that was requested at the first time. If there is a match, the > _original_ request is restored and processed, but the current one is > ignored. > > Thus your second POST is ignored and a cached copy of the first GET is > used instead. > > You may want to look in the sources of > org.apache.catalina.authenticator.FormAuthenticator that does the > trick. > > It is by design. I do not know what was wrong with 5.0 that your code > was working there. > > You should change your code so that all the information be included > with the first call to TestServlet. > > And the second call to the TestServlet can be changed to be a simple > GET, with no parameters. Or may be you can throw it away at all, if > you set "postMethod.setFollowRedirects(true);" on your post to > j_security_check. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > > ____________________________________________________________________________________ > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs --0-877033285-1202246798=:74320--