Here, I want to use JEE container-based security for my application. I have configured a realm in Tomcat and in my application, and validating the user and role succeeded, but the problem is I'm not getting how to redirect to my home page after completion of j_security_check.
In my page I'm getting the following error:
HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
Please help me, anyone.
Thanks in advance, all.
Container security is totally transparent. When a user requests a protected URL and is not logged in, the container (Tomcat) takes over, putting the original request on hold, sending out the login page and processing the results (userid/password). Once the user has validated, Tomcat then takes the original request off hold and continues processing as though login had never been requested.
There is no such thing as a login event or anything similar in container security. The security mechanism is a general mechanism and therefore must be able to handle situations where the user was already validated before making requests to the webapp. For example, in a single-signon environment.
It's also rather rude to hijack a request and send it somewhere else just because a login was forced. I happen to like sites where I can bookmark often-used URLs, regardless of whether those URLs are secured URLs or not.
However, for those who insist on forcing a request to be abandoned in favor of a post-login "home" page, there is a trick you can use. Create a servlet filter. Make it check incoming requests. If there is no session, create one and store the HttpServletRequest getRemoteUser value (or obtain userId from UserPrincipal). If the session already existed, check to see if the previously stored userId is null. If there was no session, act as though the previously stored userId was null. If the previously stored userId was null AND the current request userId is NOT null, the user has just logged in, so redirect the incoming URL request to go to your "home" page.
An IDE is no substitute for an Intelligent Developer.
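The filter trick described in the reply above, as an added example that is not code from the thread or from either poster. It assumes the `javax.servlet` API (Servlet 3.x); the class name, the session attribute name and the `/home.jsp` path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: detects the first authenticated request in a session.
public class PostLoginRedirectFilter implements Filter {
    // Hypothetical names, chosen for this example only.
    private static final String SEEN_USER = "postLogin.seenUser";
    // Fixed, context-relative target: never taken from a request parameter,
    // so the filter cannot be turned into an open redirect.
    private static final String HOME_PAGE = "/home.jsp";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // null until the container has authenticated the caller
        String currentUser = request.getRemoteUser();
        // A brand-new session has no attribute, so previousUser is null,
        // which is the "no session" case from the description.
        HttpSession session = request.getSession(true);
        String previousUser = (String) session.getAttribute(SEEN_USER);
        if (currentUser != null) {
            session.setAttribute(SEEN_USER, currentUser);
        }

        // null -> non-null transition: the user has just logged in.
        String home = request.getContextPath() + HOME_PAGE;
        if (previousUser == null && currentUser != null
                && !home.equals(request.getRequestURI())) {
            response.sendRedirect(response.encodeRedirectURL(home));
            return; // abandon the original request
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Map the filter to the protected URL patterns in `web.xml`. Tomcat processes `j_security_check` in its own authenticator before application filters run, so the filter first sees the authenticated user on the restored original request.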