Hi, I am using Tomcat 4.1.30 on Windows 2000 Prof. The following is my web.xml.
Whenever the user tries to access any JSP page in the application at random in a new browser,without logging in first, (by copying and pasting the url, if he knows!), my application redirects the user to a login page.I am using FORM based authentication.
After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.
But I am interested in displaying the Welcome page(search.jsp) listed in the web.xml, which happens to be the JSP page in my application, which has the correct navigational links.
This is the way form based security works. The container is only required to request security credentials when a secured resource is requested. It does not handle page navigation. To do what you are attempting you may need to include a session variable that is set in the search.jsp. Then in the other pages if the session variable is not set automattically redirect them back to the search.jsp. If you search the tomcat documentation you will find additional details on form based security. java.sun.com is a good resource as well.
Joined: Aug 27, 2003
Thanks Jeremy, But I thought all real applications used out there might be requiring the same functionality as my application. After a successful login, it makes sense to redirect the user to the Welcome Page.(the first page in your application with the appropriate navigation links and data loaded) and not to the URL/resource that the user requested initially.
Joined: Aug 27, 2003
The reason I am curious is that I discovered something strange yesterday in Tomcat with Form based authentication. My understanding was also the same about Form-based authentication.
If I have an image tag at the top of my form in the login.jsp used for by the form authentication, then the user gets redirected to the welcome page mentioned in the web.xml after a successful login and not to the original URL that the user typed in the new browser window!
<img src="" width="" height="">
I have using Tomcat 4.1.30 on Windows Prof.
I cannot believe that this empty image has solved my problem, but I wonder if this is this a bug or a feature in Tomcat, or is it something that I am missing fundamentally in understanding the concept of Form-Based Authentication in Application Servers?