tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 19:13:33 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marcel,

On 2/26/2009 10:21 AM, Marcel Stör wrote:
> If I request a protected URL (manually clicking
> link, AJAX request, etc.) *after* the session has timed out I expect an
> automatic forwarding to the login page. As I could see while debugging,
> the request dispatcher does indeed issue a forward() to the login page
> but nothing happens.

Error logs? HTTP dump? Note that Tomcat 5.0 has been unsupported for
quite a while. I recommend planning an upgrade SOON.

> I'm sure either, I saw it in some tutorial. Since I don't have a role
> table (right, JDBCRealm complains about that, but whatever...) it
> basically means that I don't use role based access.

Technically speaking, no roles defined = no access. Practically
speaking, I don't believe Tomcat forces any roles to be defined when "*"
is the role-name required by the security-constraint.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmm6d0ACgkQ9CaO5/Lv0PCQdACeMdhQZmxMxDm0YJix89pVwoPt
MhQAoMFd8EQywZr/JAwJ0fiIyBDU+BSI
=C3//
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message