tomcat-users mailing list archives

From Lyallex <lyal...@gmail.com>
Subject Redirecting from unprotected resource to a protected one
Date Fri, 02 Nov 2012 13:43:10 GMT
Java 1.6
Tomcat 6.0.35
Ubuntu Linux 12.04

I have an application that uses container managed security
I have set things up like this

<security-constraint>
    <display-name>Standard user constraint used for checkout and account
modification</display-name>
    <web-resource-collection>
      <web-resource-name>StandardUserConstraint</web-resource-name>
      <url-pattern>/account/*</url-pattern>
      ...
    </web-resource-collection>
    <auth-constraint>
      <role-name>stdbuyer</role-name>
    </auth-constraint>
</security-constraint>

There are two concepts
A User and an Account
A User 'has an' Account

I start by setting up a user by getting username and password
and saving them to a database along with the relevant role

If I now try to access a protected resource
by making a direct request (e.g. /account/somepage.jsp) the login page
appears as expected.
I can enter the relevant credentials and log in

The second phase of setting up an account is capturing the primary address
I do this by accessing an unprotected resource servlet (e.g.
/common/FooServlet)
When I have validated the data I want to forward to a protected resource
like this

forwardTarget = "/account/accountView.jsp";

RequestDispatcher rd =
getServletContext().getRequestDispatcher(forwardTarget);
rd.forward(request, response);

What I was hoping would happen is that the user would be required to login
but we get to the protected resource without the login screen appearing.
I realise that I am forwarding an existing (unauthenticated) request

I could simply redirect to an 'account created log in now page' but that's
a bit naff.

Is it possible to redirect to a protected resource from an unprotected one?

thanks

Lyallex
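
The behaviour described in the message follows from the Servlet specification: declarative security constraints are evaluated for requests arriving from the client, not for RequestDispatcher forwards. The following is an added example, not part of the original message; the servlet name, parameter name and validation are hypothetical. It forwards only when the caller already holds the required role and otherwise redirects, so the container evaluates the /account/* constraint on the new request.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet mapped in web.xml to an unprotected URL such as /common/FooServlet.
public class AddressCaptureServlet extends HttpServlet {

    private static final String PROTECTED_VIEW = "/account/accountView.jsp";
    private static final String REQUIRED_ROLE = "stdbuyer"; // role from the page's <auth-constraint>

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        if (!isValidAddress(request)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid address");
            return;
        }

        // A forward is dispatched inside the container, so the <security-constraint>
        // on /account/* is not evaluated for it. Forward only when the caller
        // already holds the role that the constraint demands.
        if (request.isUserInRole(REQUIRED_ROLE)) {
            getServletContext().getRequestDispatcher(PROTECTED_VIEW)
                    .forward(request, response);
            return;
        }

        // Otherwise answer with a redirect. The browser then issues a new request
        // for /account/..., which the container checks against the constraint and
        // answers with the configured login page.
        String target = request.getContextPath() + PROTECTED_VIEW;
        response.sendRedirect(response.encodeRedirectURL(target));
    }

    // Placeholder validation (assumption): the page does not show the real checks.
    private boolean isValidAddress(HttpServletRequest request) {
        String line1 = request.getParameter("addressLine1"); // hypothetical parameter name
        return line1 != null && line1.trim().length() > 0;
    }
}
```

Any data the protected page needs must be stored in the session or database before the redirect, because request attributes do not survive the new request.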
