Re: [JBoss-user] Re: update on automatic login

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I think what Tomcat does after a post to j_security_check is look inside the
user session (private to the container - org.apache.catalina.Session) for an
attribute containing the original page that the user was trying to access.
If it cannot find it throws an error 400.  What you can do is have a custom
400 error page that redirects to somewhere.  For details see
org.apache.catalina.authenticator.FormAuthenticator where
Constants.FORM_ACTION = " j_security_check ".

        // Redirect the user to the original request URI (which will cause
        // the original request to be restored)
        requestURI = savedRequestURL(session);
        if (debug >= 1)
            log("Redirecting to original '" + requestURI + "'");
        if (requestURI == null)
            hres.sendError(HttpServletResponse.SC_BAD_REQUEST,
                           sm.getString("authenticator.formlogin"));
        else
            hres.sendRedirect(hres.encodeRedirectURL(requestURI));
        return (false);

And HttpServletResponse.SC_BAD_REQUEST=400

Hope it helps

Simone
----- Original Message -----
From: "Ken Yee" <ke...@ex...>
To: <jbo...@li...>
Sent: Wednesday, March 05, 2003 5:43 PM
Subject: [JBoss-user] Re: update on automatic login

>
> FYI, if you access your form based login page (mine is called login.jsp)
> directly from a browser, you can submit it and Tomcat/JBoss complains
> that "Invalid direct reference to form login page" but the user is
> still logged in (I can access a restricted URL w/o a login prompt),
> so it looks like that "post to login page from automatic login" servlet
> workaround will work, but it may be depending on a bug in
> Tomcat/JBoss...
>
>
>  ken
>
>
> _______________________________________________
> Join Excite! - http://www.excite.com
> The most personalized portal on the Web!
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger
> for complex code. Debugging C/C++ programs can leave you feeling lost and
> disoriented. TotalView can help you find your way. Available on major UNIX
> and Linux platforms. Try it free. www.etnus.com
> _______________________________________________
> JBoss-user mailing list
> JBo...@li...
> https://lists.sourceforge.net/lists/listinfo/jboss-user
>