• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

j_security_check query

 
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I have a "chicken and egg" type question about the JSP j_security_check
feature... I'm setting up a new Tomcat app and want to use the
j_security_check feature to manage user logins. I'm using a SQLServer (boo)
database as the backend user manager and have set up the appropriate Realms
in Tomcat. It all seems to be working tickety boo, until I come to the
question of navigation. I have my login page forms action set to
"j_security_check" which seems to be going off to SQLServer to handle the
login call, which seems to be validating my logins.

And now (at long last I hear you cry) to my question... How do I configure
my app/Tomcat to tell it what page to go to next? I can't do it in the JSP,
so that only leaves the web.xml or some other magical way. I suspect I'm
doing something stupid in my web.xml (see below). Any help on this would be
greatly apprectiated!

 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Kev,
Don't know if this helps but what we did was:

- Set up a dummy html page as the welcome file.
- Have a rediect to a protected resource fire onload of the dummy welcome file. (This protected resource could be your 'welcome to my app' page.)
- Attempting to access the protecting resource makes the container's J2EE security handling kick in. It uses the values from your <form-login-config> to find out what page to display & where to go if theres an error.
(The user sees the login page, enters there details & submits the j_security_check request which is handled by the container.)
- If all goes well the container will then return the protected resource to the user.

I suspect that your current set up sends the container into a bit of a loop.
You've got it configured to show the Login page when the user first accesses the site, but on a successful login the container doesn't know where the user was trying to go when it displayed the login page - & probably displays the login page again.

hth, regards,
Louise
 
Kev D'Arcy
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Louise,

I managed to get around the problem by having the welcome page be a protected
resource, so when a browser tried to go to this page, it automaticaaly kicks
the browser to the login page. Once the login is completed, they end up at
the welcome page.

K
 
I am not a spy. Definitely. Definitely not a spy. Not me. No way. But this tiny ad ...
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic