tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: j_security_check-behaviour - looking for workaround
Date Tue, 02 Dec 2008 14:51:24 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregor,

Gregor Schneider wrote:
> However, if you have a webapp working with frames, this scenario does not work.
> 
> Imagine a webpage having this structure:

[snip]

> Now if the session times out, the user clicks on the menue, the url
> requested is the source of the IFrame.

This shouldn't be the case: the URL requested should be the URL of the
link that was clicked. Am I just interpreting "the source of the iframe"
incorrectly?

> After being authorized by j_security_check, it's forwared to said url
> with the consequences, that the menue (in this example) is missing,
> also all the other html "wrapped around" the IFrame.

This scanario should work: the URL being used is the one that should
provide the content for that frame. The only uglinesses that occurs are:

1. If you follow a link in a frame, your login page needs to be
   in-frame friendly.
2. If you reload the entire page, your login page needs to be
   out-of-frame friendly.

The process should still work, it just might require some customization.

> My preferred solution would be that after performing j_security_check
> always was to forward to "/index.html":

You can't do this using Tomcat's built-in authorization.
Securityfilter's cvs repo (i.e. not a release build) has this feature,
though.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk1S2wACgkQ9CaO5/Lv0PBkYwCfTaAmWVnJM6ALgN3WJEUynYCi
6EkAoJw1iX7bQVabnxTRkEO7SzWCmakl
=eYqz
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message