tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shaun Senecal <ssenecal.w...@gmail.com>
Subject failed FORM authentication redirects to /j_security_check
Date Mon, 23 Aug 2010 08:56:30 GMT
I'm using FORM authentication, and everything seems to be working
(logins are accepted, etc), except when there was an error the URL
changes in the users browser to point to j_security_check.  The
contents of the redirect to j_security_check contains login.html, so
the user is able to login as expected, but my "error=true" query
string is not passed along.  Is there something obvious I am doing
wrong here?  I got it working under Jetty as a sanity test, but I need
to get it working in Tomcat too...


Using:
FF 3.6.8
Tomcat 6.0.26

web.xml:
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/login.html</form-login-page>
			<form-error-page>/login.html?error=true</form-error-page>
		</form-login-config>
	</login-config>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Unprotected Resources</web-resource-name>
			<url-pattern>/favicon.ico</url-pattern>
			<url-pattern>/login.html</url-pattern>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Protected Resources</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>*</role-name>
		</auth-constraint>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message