• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Tomcat - Form based declarative Security

 
Ranch Hand
Posts: 1066
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am using Tomcat 4.1.30 on Windows 2000 Prof. The following is my web.xml.

Whenever the user tries to access any JSP page in the application at random in a new browser,without logging in first, (by copying and pasting the url, if he knows!), my application redirects the user to a login page.I am using FORM based authentication.

After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.

But I am interested in displaying the Welcome page(search.jsp) listed in the web.xml, which happens to be the JSP page in my application, which has the correct navigational links.

Any ideas of how to do this?

thanx,
Vishwa

 
Ranch Hand
Posts: 166
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is the way form based security works. The container is only required to request security credentials when a secured resource is requested. It does not handle page navigation. To do what you are attempting you may need to include a session variable that is set in the search.jsp. Then in the other pages if the session variable is not set automattically redirect them back to the search.jsp. If you search the tomcat documentation you will find additional details on form based security. java.sun.com is a good resource as well.
 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jeremy,
But I thought all real applications used out there might be requiring the same functionality as my application. After a successful login, it makes sense to redirect the user to the Welcome Page.(the first page in your application with the appropriate navigation links and data loaded) and not to the URL/resource that the user requested initially.

Regds,
Vishwa
 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The reason I am curious is that I discovered something strange yesterday
in Tomcat with Form based authentication. My understanding was also the same about Form-based authentication.

If I have an image tag at the top of my form in the login.jsp used for
by the form authentication, then the user gets redirected to the welcome page mentioned in the web.xml after a successful login and not to the original URL that the user typed in the new browser window!

<img src="" width="" height="">

I have using Tomcat 4.1.30 on Windows Prof.

I cannot believe that this empty image has solved my problem, but I wonder if this is this a bug or a feature in Tomcat, or is it something that I am missing fundamentally in understanding the concept of Form-Based Authentication in Application Servers?
reply
    Bookmark Topic Watch Topic
  • New Topic