tomcat-users mailing list archives

From Pid...@pidster.com>
Subject Re: Tomcat 6.x security-constraint redirection problem... please help!
Date Fri, 16 Jan 2009 11:40:09 GMT
Christopher Schultz wrote:
> Pid,
> 
> Pid wrote:
>> There's a couple of things that may be confusing the config below, which
>> have some simple corrections.
> 
>> I usually place "login.jsp" and "error.jsp" in "WEB-INF/login/", where
>> they are protected from unwanted attention by default - this avoids the
>> need to protect them with a security-constraint.
> 
> Agreed. I've found that when using Tomcat to serve static content, these
> things tend to happen. The reason is that Tomcat saves the first
> unauthorized request and then repeats it after successful
> authentication. If the last request was for something like a CSS file
> (say, because the CSS file was protected, but the main page wasn't),
> then you'll end up being served the CSS file after login. It can be very
> disorienting.
> 
>> Tomcat returns the *first* file you requested inside the secured area
>> after authentication is completed.  So for some reason your browser is
>> requesting a script or CSS file before the JSP page.
> 
> For some reason, I thought it was the most recent request it saved.
> First makes more sense; thanks for mentioning it.

I have an app with a page which contains a Flash object (displays a nice
graph) that calls a Groovy script periodically to get data.

If the user session times out in between requests for the script then
when it's requested it's the first one after de-auth, so it becomes the
target that is re-established after re-login (obviously not useful for
users).

I've been attempting to stop the periodic request by monitoring the
session period, but haven't had time to properly address it yet. :(

p


> -chris
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
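
The layout discussed in this thread, written out as a web.xml fragment. This is an added example, not configuration posted by anyone in the thread; the paths /app/* and /static/* and the role name "user" are assumptions, while the WEB-INF/login/ location for login.jsp and error.jsp is the one suggested in the message.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 2.5, Tomcat 6).
     /app/*, /static/* and the role name "user" are assumed names. -->

<!-- Before (problem layout): one constraint on /* also covers CSS, scripts
     and a login page served from the web root:
       <url-pattern>/*</url-pattern>
       <form-login-page>/login.jsp</form-login-page>
-->

<!-- After: only the application pages require authentication. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Application pages</web-resource-name>
    <url-pattern>/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- /static/* (CSS, scripts, images) has no constraint, so a request for it
     never triggers the login form and cannot become the saved request. -->

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Under WEB-INF the pages cannot be requested directly by a client;
         the container reaches them by internal forward. -->
    <form-login-page>/WEB-INF/login/login.jsp</form-login-page>
    <form-error-page>/WEB-INF/login/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>user</role-name>
</security-role>
```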



