tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcel Stör <>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 19:52:46 GMT

On 26.02.2009, at 20:13, Christopher Schultz wrote:

> Hash: SHA1
> Marcel,
> On 2/26/2009 10:21 AM, Marcel Stör wrote:
>> If I request a protected URL (manually clicking
>> link, AJAX request, etc.) *after* the session has timed out I  
>> expect an
>> automatic forwarding to the login page. As I could see while  
>> debugging,
>> the request dispatcher does indeed issue a forward() to the login  
>> page
>> but nothing happens.
> Error logs? HTTP dump? Note that Tomcat 5.0 has been unsupported for
> quite a while. I recommend planning an upgrade SOON.

I'll gather some more information...
I know. It's just that Google's GWT setup for local development ships  
with 5.0.28 embedded. We don't use 5.0 in production, don't worry.

>> I'm sure either, I saw it in some tutorial. Since I don't have a role
>> table (right, JDBCRealm complains about that, but whatever...) it
>> basically means that I don't use role based access.
> Technically speaking, no roles defined = no access. Practically
> speaking, I don't believe Tomcat forces any roles to be defined when  
> "*"
> is the role-name required by the security-constraint.

No, I only mentioned this because Tomcat throws an SQL exception  
because it tries to query a table called "" if I don't specify a role  
table in the realm config in context.xml


Marcel Stör,
Skype: marcelstoer

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message