tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: failed FORM authentication redirects to /j_security_check
Date Wed, 25 Aug 2010 13:17:46 GMT
Hash: SHA1


On 8/23/2010 4:56 AM, Shaun Senecal wrote:
> I'm using FORM authentication, and everything seems to be working
> (logins are accepted, etc), except when there was an error the URL
> changes in the users browser to point to j_security_check.

This is expected.

> The
> contents of the redirect to j_security_check contains login.html, so
> the user is able to login as expected, but my "error=true" query
> string is not passed along.

How are you checking? If you are forwarding to a .html page, you
probably don't have any dynamic content in there, and therefore have no
options for checking for things like request parameters.

> Is there something obvious I am doing
> wrong here?  I got it working under Jetty as a sanity test, but I need
> to get it working in Tomcat too...

It's possible that Jetty performs a redirect (to login.html?error=true)
during a failed login and Tomcat performs a forward, which is entirely
server-side. The result is that the client never sees the "error=true"
and therefore only server-side components will be able to see it.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message