Tuesday November 26, 2002
Tuesday November 26, 2002
Form-Based Authentication I posted the following message to the tomcat-user group yesterday:
On Tomcat 4/5, I am able to use the following configuration in myweb.xml: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp?error=true</form-error-page> </form-login-config> </login-config> However, I know that there are app servers out there that do not support this - the form-error-page MUST be a different JSP. So I'm wondering, is there a value I can grab in my login.jsp that tells me the URL of the protected resource the user is trying to get to? I tried<%=request.getRequestURL()%>, but that gives me .../login.jsp - and I am expecting welcome.do. I know iPlanet used to set a cookie and I could use that as described here. Thanks, Matt
Craig McClanahan responded with the following answer - which was just the information I was looking for:
There is no portable mechanism to acquire the request URL that was originally requested, nor any guarantee that this is even possible. All you know is that the container has detected that a protected URL was requested, and that there was no currently authenticated user.
So the lesson learned is that if you want to make your webapp portable across different app servers, use two separate pages for the login and login-error pages. Posted in Java at Nov 26 2002, 05:38:44 AM MST 2 Comments
Search This Site
Recent Entries
- Happy Birthday Mom!
- 2008 - A Year in Review
- Portland Tech Meetup Tomorrow Night
- My "almost slept in a snow cave" Adventure with Clint Foster
- My Christmas Travel Adventure
- AppFuse Light converted to Maven modules, upgraded to Tapestry 5 and Stripes 1.5
- Dojo/Comet support in Java Web Frameworks
- Abbie is a Blue Skier!
- How I recovered data from my failed Linux box
- Costa Rica was Awesome!
Posted by Lance on November 26, 2002 at 07:43 AM MST #
Posted by V. Bilton on February 12, 2003 at 12:06 PM MST #