aspose file tools*
The moose likes Tomcat and the fly likes Tomcat - Form based declarative Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat - Form based declarative Security" Watch "Tomcat - Form based declarative Security" New topic
Author

Tomcat - Form based declarative Security

Vishwa Kumba
Ranch Hand

Joined: Aug 27, 2003
Posts: 1064
Hi,
I am using Tomcat 4.1.30 on Windows 2000 Prof. The following is my web.xml.

Whenever the user tries to access any JSP page in the application at random in a new browser,without logging in first, (by copying and pasting the url, if he knows!), my application redirects the user to a login page.I am using FORM based authentication.

After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.

But I am interested in displaying the Welcome page(search.jsp) listed in the web.xml, which happens to be the JSP page in my application, which has the correct navigational links.

Any ideas of how to do this?

thanx,
Vishwa

Jeremy Wilson
Ranch Hand

Joined: Feb 18, 2003
Posts: 166
This is the way form based security works. The container is only required to request security credentials when a secured resource is requested. It does not handle page navigation. To do what you are attempting you may need to include a session variable that is set in the search.jsp. Then in the other pages if the session variable is not set automattically redirect them back to the search.jsp. If you search the tomcat documentation you will find additional details on form based security. java.sun.com is a good resource as well.


Jeremy Wilson
Vishwa Kumba
Ranch Hand

Joined: Aug 27, 2003
Posts: 1064
Thanks Jeremy,
But I thought all real applications used out there might be requiring the same functionality as my application. After a successful login, it makes sense to redirect the user to the Welcome Page.(the first page in your application with the appropriate navigation links and data loaded) and not to the URL/resource that the user requested initially.

Regds,
Vishwa
Vishwa Kumba
Ranch Hand

Joined: Aug 27, 2003
Posts: 1064
The reason I am curious is that I discovered something strange yesterday
in Tomcat with Form based authentication. My understanding was also the same about Form-based authentication.

If I have an image tag at the top of my form in the login.jsp used for
by the form authentication, then the user gets redirected to the welcome page mentioned in the web.xml after a successful login and not to the original URL that the user typed in the new browser window!

<img src="" width="" height="">

I have using Tomcat 4.1.30 on Windows Prof.

I cannot believe that this empty image has solved my problem, but I wonder if this is this a bug or a feature in Tomcat, or is it something that I am missing fundamentally in understanding the concept of Form-Based Authentication in Application Servers?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat - Form based declarative Security