File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Soft Skills: The software developer's life manual this week in the Jobs Discussion forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat - Form based declarative Security

 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am using Tomcat 4.1.30 on Windows 2000 Prof. The following is my web.xml.

Whenever the user tries to access any JSP page in the application at random in a new browser,without logging in first, (by copying and pasting the url, if he knows!), my application redirects the user to a login page.I am using FORM based authentication.

After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.

But I am interested in displaying the Welcome page(search.jsp) listed in the web.xml, which happens to be the JSP page in my application, which has the correct navigational links.

Any ideas of how to do this?

thanx,
Vishwa

 
Jeremy Wilson
Ranch Hand
Posts: 166
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is the way form based security works. The container is only required to request security credentials when a secured resource is requested. It does not handle page navigation. To do what you are attempting you may need to include a session variable that is set in the search.jsp. Then in the other pages if the session variable is not set automattically redirect them back to the search.jsp. If you search the tomcat documentation you will find additional details on form based security. java.sun.com is a good resource as well.
 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jeremy,
But I thought all real applications used out there might be requiring the same functionality as my application. After a successful login, it makes sense to redirect the user to the Welcome Page.(the first page in your application with the appropriate navigation links and data loaded) and not to the URL/resource that the user requested initially.

Regds,
Vishwa
 
Vishwa Kumba
Ranch Hand
Posts: 1066
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The reason I am curious is that I discovered something strange yesterday
in Tomcat with Form based authentication. My understanding was also the same about Form-based authentication.

If I have an image tag at the top of my form in the login.jsp used for
by the form authentication, then the user gets redirected to the welcome page mentioned in the web.xml after a successful login and not to the original URL that the user typed in the new browser window!

<img src="" width="" height="">

I have using Tomcat 4.1.30 on Windows Prof.

I cannot believe that this empty image has solved my problem, but I wonder if this is this a bug or a feature in Tomcat, or is it something that I am missing fundamentally in understanding the concept of Form-Based Authentication in Application Servers?
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic