tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Strauß <t.stra...@srs-management.de>
Subject AW: AW: FormAuthentication Valve changes fail with RequestListeners?
Date Wed, 04 Apr 2012 14:45:44 GMT
> -----Ursprüngliche Nachricht-----
> Von: André Warnier [mailto:aw@ice-sa.com]
> Gesendet: Dienstag, 3. April 2012 14:07
> An: Tomcat Users List
> Betreff: Re: AW: FormAuthentication Valve changes fail with
> RequestListeners?
>
> Thomas Strauß wrote:
> ...
>
> >>>
> >>> We have not succeeded so far. I want to give you some more
> >>> information what happens, the context.xml and the web.xml
> >>>
> >>> What we have changed versus the existing setup, working on 7.0.11
> >>> - We have moved the login.jsp into the protection domain (was
> >>> outside before). This did not remove the issue.
> >>> - We have changed the preemptiveAuthentication setting. This did not
> >>> remove the issue.
> >>>
> >>> This is the flow through the system that we can see:
> >>>
> >>> Client sends request to /portal
> >>>
> >>>        /portal is not protected
> >>>        /portal/jsp/main.jsp is welcome page and protected (see
> >>> web.xml)
> >>>        portal context configures formauthentication on the
> >>> protection domain
> >>>        Tomcat redirects/forwards incoming call to /jsp/login.jsp
> >>> (protected
> >>> resource)
> >>>
>
> I have not followed in the details, and maybe I am talking out of turn
> here, but isn't there a "loop" problem if the login.jsp page is itself
> protected ?
> (Like it will trigger the authentication, which will trigger a redirect to
> login.jsp, which will trigger the authentication, which will... etc.)
>

there is no difference if the jsp is in or out of the protection domain. Actually we moved
the jsp inside the domain following a hint from the list :-)



> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message