Form-Based Authentication
I posted the following message to the tomcat-user group yesterday:
On Tomcat 4/5, I am able to use the following configuration in myweb.xml
: <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp?error=true</form-error-page> </form-login-config> </login-config> However, I know that there are app servers out there that do not support this - the form-error-page MUST be a different JSP. So I'm wondering, is there a value I can grab in my login.jsp that tells me the URL of the protected resource the user is trying to get to? I tried<%=request.getRequestURL()%>
, but that gives me .../login.jsp - and I am expecting welcome.do. I know iPlanet used to set a cookie and I could use that as described here. Thanks, Matt
Craig McClanahan responded with the following answer - which was just the information I was looking for:
There is no portable mechanism to acquire the request URL that was originally requested, nor any guarantee that this is even possible. All you know is that the container has detected that a protected URL was requested, and that there was no currently authenticated user.
So the lesson learned is that if you want to make your webapp portable across different app servers, use two separate pages for the login and login-error pages.
Posted by Lance on November 26, 2002 at 02:43 PM MST #
Posted by V. Bilton on February 12, 2003 at 07:06 PM MST #