tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shaun Senecal <ssenecal.w...@gmail.com>
Subject Re: failed FORM authentication redirects to /j_security_check
Date Thu, 26 Aug 2010 01:14:10 GMT
Thanks for the response Chris.

You're right.  Jetty does a redirect, so on the client-side the
browser sees "/login.html?error=true".  Since this isn't happening in
Tomcat, I am unable to retrieve the query string client side.  As you
indicated my login page is static html and I am relying on client-side
processing to interpret the query string.  I ended up working around
the issue by creating a loginerror.html which is identical to
login.html except that I have added a hidden DIV to the
loginerror.html.  I can then search for the hidden DIV to determine if
there was a login failure or not.  Not pretty, but it works!


Thanks

Shaun


On Wed, Aug 25, 2010 at 10:17 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Shaun,
>
> On 8/23/2010 4:56 AM, Shaun Senecal wrote:
>> I'm using FORM authentication, and everything seems to be working
>> (logins are accepted, etc), except when there was an error the URL
>> changes in the users browser to point to j_security_check.
>
> This is expected.
>
>> The
>> contents of the redirect to j_security_check contains login.html, so
>> the user is able to login as expected, but my "error=true" query
>> string is not passed along.
>
> How are you checking? If you are forwarding to a .html page, you
> probably don't have any dynamic content in there, and therefore have no
> options for checking for things like request parameters.
>
>> Is there something obvious I am doing
>> wrong here?  I got it working under Jetty as a sanity test, but I need
>> to get it working in Tomcat too...
>
> It's possible that Jetty performs a redirect (to login.html?error=true)
> during a failed login and Tomcat performs a forward, which is entirely
> server-side. The result is that the client never sees the "error=true"
> and therefore only server-side components will be able to see it.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkx1F/oACgkQ9CaO5/Lv0PBinQCfYr3S/2sEresGix7Qcd/waAow
> ltYAoIMMm/C9xFuMS5ixJ8jlsm1ensim
> =cFJK
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message