  1. Tomcat - Form based declarative Security (3 messages)

    Hi,
      I am using Tomcat 4.1.30 on Windows 2000 Prof.
      
    Whenever the user tries to access any JSP page in the application at random in a new browser, without logging in first (by copying and pasting the URL, if he knows it!), my application redirects the user to a login page. I am using FORM based authentication.
      
    After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.
      
    But I am interested in displaying the Welcome page (search.jsp) listed in the web.xml, which happens to be the JSP page in my application that has the correct navigational links.
      
    Any ideas of how to do this?
    The following is my web.xml.
          
    thanx,
    Vishwa

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
      <servlet>
        <servlet-name>TestServlet</servlet-name>
        <display-name>This is the display name of my J2EE component</display-name>
        <description>This is the description of my J2EE component</description>
        <servlet-class>mypack.TestServlet</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/servlet/TestServlet</url-pattern>
      </servlet-mapping>
        
      <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
      </servlet-mapping>
      
      <welcome-file-list>
       <welcome-file>/jsp/search.jsp</welcome-file>
      </welcome-file-list>
      
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Second Web Protected Resources</web-resource-name>
          <url-pattern>*.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>upgrades</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/jsp/autoLogin.jsp</form-login-page>
          <form-error-page>/jsp/autoLoginError.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <security-role>
        <role-name>upgrades</role-name>
      </security-role>
     
    </web-app>

  2. more details...

    The first JSP page is search.jsp in my application (mentioned in the welcome file list in web.xml). This contains the correct navigational links and also loads some data into the session. It is essential that the user is redirected to this JSP page always after a successful login.

    Would appreciate any help on this,

    thanx,
    Vishwa
  3. I have the same problem!
    The only solution I could find is some artifact (custom tag, include, method in action superclass with Struts, etc.) that checks that the session has some attribute. If not, it redirects the user to a specified page.
    I don't like this solution very much. I'd really like to have a session start or logon event that automatically executes when the user logs in, and put the logic you mention there (session setup, redirect to proper pages, audit, etc.).
  4. More info: http://www.theserverside.com/news/thread.tss?thread_id=28775
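
The session-attribute check described in reply 3, written as a Servlet 2.3 filter. This is an added example, not code from the thread: the class name `PostLoginLandingFilter` and the attribute key are assumptions, while `/jsp/search.jsp` is the welcome page from the posted web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: sends the first authenticated request of a session to
// the landing page. Map it to *.jsp with <filter>/<filter-mapping> in web.xml;
// in the 2.3 DTD those elements must come before the <servlet> elements.
public class PostLoginLandingFilter implements Filter {
    // Assumed session key; any name the application does not already use works.
    private static final String MARKER = "postLogin.initialized";
    // Welcome page from the posted web.xml, relative to the context root.
    private static final String LANDING = "/jsp/search.jsp";

    public void init(FilterConfig config) {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getRemoteUser() is non-null only once the container has authenticated
        // the caller, so the login and error pages pass straight through.
        if (request.getRemoteUser() != null) {
            HttpSession session = request.getSession();
            if (session.getAttribute(MARKER) == null) {
                session.setAttribute(MARKER, Boolean.TRUE);
                // If the replayed request is already the landing page, serve it.
                if (!LANDING.equals(request.getServletPath())) {
                    // The target is a constant, never taken from the request,
                    // so this redirect cannot be steered to another site.
                    response.sendRedirect(response.encodeRedirectURL(
                            request.getContextPath() + LANDING));
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {}
}
```

The filter only changes where an authenticated user lands; access control still comes from the `<security-constraint>` in web.xml.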