tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lyallex <>
Subject Redirecting from unprotected resource to a protected one
Date Fri, 02 Nov 2012 13:43:10 GMT
Java 1.6
Tomcat 6.0.35
Ubuntu Linux 12.04

I have an application that uses container managed security
I have set things up like this

    <display-name>Standard user constraint used for checkout and account

There are two concepts
A User and an Account
A User 'has an' Account

I start by setting up a user by getting username and password
and saving them to a database along with the relevant role

If I now try to access a protected resource
by making a direct request (e,g /account/somepage.jsp) the login page
appears as expected.
I can enter the relevant credentials and log in

The second phase of setting up an account is capturing the primary address
I do this by accessing an unprotected resource servlet (e.g
When I have validated the data I want to forward to a protected resource
like this

forwardTarget = "/account/accountView.jsp";

RequestDispatcher rd =
rd.forward(request, response);

What I was hoping would happen is that the user would be required to login
but we get to the protected resource without the login screen appearing.
I realise that I am forwarding an existing (unauthenticated) request

I could simply redirect to an 'account created log in now page' but that's
a bit naff.

Is it possible to redirect to a protected resource from an unprotected one ?



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message