tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: failed FORM authentication redirects to /j_security_check
Date Wed, 25 Aug 2010 13:17:46 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shaun,

On 8/23/2010 4:56 AM, Shaun Senecal wrote:
> I'm using FORM authentication, and everything seems to be working
> (logins are accepted, etc), except when there was an error the URL
> changes in the users browser to point to j_security_check.

This is expected.

> The
> contents of the redirect to j_security_check contains login.html, so
> the user is able to login as expected, but my "error=true" query
> string is not passed along.

How are you checking? If you are forwarding to a .html page, you
probably don't have any dynamic content in there, and therefore have no
options for checking for things like request parameters.

> Is there something obvious I am doing
> wrong here?  I got it working under Jetty as a sanity test, but I need
> to get it working in Tomcat too...

It's possible that Jetty performs a redirect (to login.html?error=true)
during a failed login and Tomcat performs a forward, which is entirely
server-side. The result is that the client never sees the "error=true"
and therefore only server-side components will be able to see it.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkx1F/oACgkQ9CaO5/Lv0PBinQCfYr3S/2sEresGix7Qcd/waAow
ltYAoIMMm/C9xFuMS5ixJ8jlsm1ensim
=cFJK
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message