tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat6 j_security_check any parameter / sessions variable on failure?
Date Tue, 26 Feb 2013 21:43:34 GMT
Hash: SHA256


On 2/25/13 12:54 AM, Tanmoy Chatterjee wrote:
> Hello, Tech Stack: Tomcat: 6.0.35 Java: 1.6.0_18 OS: RHEL 5.3
> I am using j_security_check (JNDIRealm - LDAP authentication).
> On failure I am sending the user to a common error.jsp in the 
> application. On successful authentication of-course the page 
> requested is displayed.
> The problem is that the error.jsp is called from the application
> as well if there are any errors/ exceptions in some functionality
> (I want to avoid writing any new error pages in my application).
> In the error.jsp, is there any way to know that the failure is 
> because of j_security_check and not from anywhere else i.e does 
> tomcat add any separate sessions parameter after unsuccessful 
> j_security_check authentication which I can use for displaying
> proper error message?

You could try one of the following:

1. <form-error-page>/error.jsp?reason=auth</form-error-page>

Then, your JSP can check the "reason" request parameter. I'm not sure
if this works the way I'd expect.

2. Write a new login-error.jsp that looks like this:

  request.setAttribute("login-failed", Boolean.TRUE);
<jsp:include page="error.jsp" %>

This goes roughly the same thing, but requires a separate error file.
But at least you get to re-use all of your error.jsp page.

- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message