tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shaun Senecal <ssenecal.w...@gmail.com>
Subject Re: failed FORM authentication redirects to /j_security_check
Date Fri, 27 Aug 2010 01:38:52 GMT
Currently the only content in the HTML file is a script tag, since I
am using GWT for the UI.  I dont think there is any way I can set a
class/id on a script tag, so I went with the empty DIV and put a known
id on it.  You're right though, I could have reused an existing
element for this purpose as well.



On Thu, Aug 26, 2010 at 5:17 PM, Pid <pid@pidster.com> wrote:
> On 26/08/2010 02:14, Shaun Senecal wrote:
>> Thanks for the response Chris.
>>
>> You're right.  Jetty does a redirect, so on the client-side the
>> browser sees "/login.html?error=true".  Since this isn't happening in
>> Tomcat, I am unable to retrieve the query string client side.  As you
>> indicated my login page is static html and I am relying on client-side
>> processing to interpret the query string.  I ended up working around
>> the issue by creating a loginerror.html which is identical to
>> login.html except that I have added a hidden DIV to the
>> loginerror.html.  I can then search for the hidden DIV to determine if
>> there was a login failure or not.  Not pretty, but it works!
>
> If you're using client-side scripting, why not just set a class or id on
> the body for each type, instead of the hidden div?
>
>
> p
>
>
>> Thanks
>>
>> Shaun
>>
>>
>> On Wed, Aug 25, 2010 at 10:17 PM, Christopher Schultz
>> <chris@christopherschultz.net> wrote:
>> Shaun,
>>
>> On 8/23/2010 4:56 AM, Shaun Senecal wrote:
>>>>> I'm using FORM authentication, and everything seems to be working
>>>>> (logins are accepted, etc), except when there was an error the URL
>>>>> changes in the users browser to point to j_security_check.
>>
>> This is expected.
>>
>>>>> The
>>>>> contents of the redirect to j_security_check contains login.html, so
>>>>> the user is able to login as expected, but my "error=true" query
>>>>> string is not passed along.
>>
>> How are you checking? If you are forwarding to a .html page, you
>> probably don't have any dynamic content in there, and therefore have no
>> options for checking for things like request parameters.
>>
>>>>> Is there something obvious I am doing
>>>>> wrong here?  I got it working under Jetty as a sanity test, but I need
>>>>> to get it working in Tomcat too...
>>
>> It's possible that Jetty performs a redirect (to login.html?error=true)
>> during a failed login and Tomcat performs a forward, which is entirely
>> server-side. The result is that the client never sees the "error=true"
>> and therefore only server-side components will be able to see it.
>>
>> -chris
>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message