Return-Path: 
 <tomcat-dev-return-38751-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org
Received: (qmail 13866 invoked from network); 21 Jan 2004 16:27:10 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 21 Jan 2004 16:27:10 -0000
Received: (qmail 40205 invoked by uid 500); 21 Jan 2004 16:26:57 -0000
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 40165 invoked by uid 500); 21 Jan 2004 16:26:56 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-dev-help@jakarta.apache.org>
List-Post: <mailto:tomcat-dev@jakarta.apache.org>
List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org>
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 40149 invoked from network); 21 Jan 2004 16:26:56 -0000
Received: from unknown (HELO inet1.latinia.com) (195.219.119.252)
  by daedalus.apache.org with SMTP; 21 Jan 2004 16:26:56 -0000
Received: from fserver.latinia.ofi (localhost [127.0.0.1])
	by inet1.latinia.com (8.11.2/8.11.2) with ESMTP id i0LGQwp32537
	for <tomcat-dev@jakarta.apache.org>; Wed, 21 Jan 2004 17:26:58 +0100
content-class: urn:content-classes:message
Subject: FORM based authentication referer
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3E03B.ED69FA86"
Date: Wed, 21 Jan 2004 17:30:48 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Message-ID: <08D24238C349BA41B74EE383F5FC9B011C1175@fserver.latinia.ofi>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: FORM based authentication referer
Thread-Index: AcPgOpHCHOtCUE8pT42sPo/MG4O1UQAAOAvQ
From: =?iso-8859-1?Q?Ricardo_Garc=EDa?= <rgarcia@latinia.com>
To: "Tomcat-dev (E-mail)" <tomcat-dev@jakarta.apache.org>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

------_=_NextPart_001_01C3E03B.ED69FA86
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Here's some starting context for my question ....

I have a war file that has been configured to use FORM based =
authentication.
I have set the <form-login-page> in the web.xml of the war file to point =
to
a jsp file in my war file.  When a user invokes any jsp without being =
logged=20
in the login jsp is displayed.  The user enters the
userid/password submits the page to j_security_check, is validated and
redirected to the requested page.

My question is ...

Has anyone ever tried discovering the page that the user is trying to =
access
from within the jsp page referenced as the <form-login-page>?  I have =
tried
checking the HTTP headers and session, but have not discovered it being
saved anywhere.  Usually when a page invokes another page the HTTP =
header
REFERER exists with the URL to the previous page.  I have noticed that =
once
the user posts the login form on my login.jsp to j_security_check and is
authenticated they are redirect to the correct location .. correct =
location
being back to the page they wanted to access originally.  This would =
mean
that it has to be somewhere, but where??


------_=_NextPart_001_01C3E03B.ED69FA86--