Container Managed Authentication enhancements in Tomcat 5.0.4
When playing around with Tomcat 5.0.4 today, I noticed a couple improvements. I use container-managed security on all my apps, and there were a couple of things that annoyed me about 4.1.x:
- When the user is routed to the form-login-page, the URL (i.e. "/login.jsp") appears in their browser's address bar. Therefore, when you try to do request.getRequestURL() (to find the URL they originally requested), you're SOL - you get "/login.jsp" instead.
- I have a 400 (invalid reference to login page) error-page routing to index.jsp (which redirects to /do/mainMenu). This should allow a user to bookmark "/login.jsp" and, once authenticated, they will be routed to the mainMenu. In Tomcat 4.1.x, I get routed back to the login page, and the user has to login again to get to the mainMenu.
I'm happy to report that both of these bugs are fixed in Tomcat 5.0.4. When I'm routed to the login page, the browser's address bar says the URL I requested (/do/mainMenu), rather than "/login.jsp". Also, request.getRequestURL() does return the URL I originally requested, not the login page. This is awesome IMO b/c now users will not bookmark "/login.jsp". And even if they do type it in, my 400 error page routes them to "index.jsp" which goes to the main menu. All of this did not work in 4.1.24 and now it does in 5.0.4. I'm going to start using 5.0.4 for my dev environment. Oh yeah, Roller runs fine on it too. ;0)
Posted by suresh on October 05, 2006 at 05:47 AM MDT #
Posted by 18.104.22.168 on October 23, 2006 at 03:20 PM MDT #