Matt RaibleMatt Raible is a Web Developer and Java Champion. Connect with him on LinkedIn.

The Angular Mini-Book The Angular Mini-Book is a guide to getting started with Angular. You'll learn how to develop a bare-bones application, test it, and deploy it. Then you'll move on to adding Bootstrap, Angular Material, continuous integration, and authentication.

Spring Boot is a popular framework for building REST APIs. You'll learn how to integrate Angular with Spring Boot and use security best practices like HTTPS and a content security policy.

For book updates, follow @angular_book on Twitter.

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

Form-Based Authentication

I posted the following message to the tomcat-user group yesterday:

On Tomcat 4/5, I am able to use the following configuration in my 
web.xml:

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?error=true</form-error-page>
  </form-login-config>
</login-config>

However, I know that there are app servers out there that do not support
this - the form-error-page MUST be a different JSP.  So I'm wondering,
is there a value I can grab in my login.jsp that tells me the URL of the
protected resource the user is trying to get to?

I tried <%=request.getRequestURL()%>, but that gives me .../login.jsp -
and I am expecting welcome.do.

I know iPlanet used to set a cookie and I could use that as described
here.

Thanks,

Matt

Craig McClanahan responded with the following answer - which was just the information I was looking for:

There is no portable mechanism to acquire the request URL that was originally requested, nor any guarantee that this is even possible. All you know is that the container has detected that a protected URL was requested, and that there was no currently authenticated user.

So the lesson learned is that if you want to make your webapp portable across different app servers, use two separate pages for the login and login-error pages.

Posted in Java at Nov 26 2002, 05:38:44 AM MST 2 Comments
Comments:

I'm not clear on how "you 'must' have a different login error page" relates to "what page was the user refused access to"? On a side-note, we use the BreadCrumbFilter in Roller to get the "what page did they ask for" information. It's rather a work-around, but I noticed Dave found a use for it elsewhere in Roller (I forget where).

Posted by Lance on November 26, 2002 at 02:43 PM MST #

Your posting saved me alot of trouble chasing dead-ends. Thanks :) I was having a similar problem using JRun 4 (my app is Struts-based). I solved it by calling request.getRequestURL() in my action class (i.e. before any forwards occur), and passing the value to a request attribute. I then retrieve the request attribute in my JSP page.

Posted by V. Bilton on February 12, 2003 at 07:06 PM MST #

Post a Comment:
  • HTML Syntax: Allowed