Hi,
I am using Tomcat 4.1.30 on Windows 2000 Prof.
Whenever the user tries to access any JSP page in the application at random in a new browser,without logging in first, (by copying and pasting the url, if he knows!), my application redirects the user to a login page.I am using FORM based authentication.
After logging in successfully, Tomcat always seems to be displaying the JSP page or URL which he initially requested.
But I am interested in displaying the Welcome page(search.jsp) listed in the web.xml, which happens to be the JSP page in my application, which has the correct navigational links.
Any ideas of how to do this?
The following is my web.xml.
thanx,
Vishwa
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>TestServlet</servlet-name>
<display-name>This is the display name of my J2EE component</display-name>
<description>This is the description of my J2EE component</description>
<servlet-class>mypack.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/servlet/TestServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/servlet/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/jsp/search.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Second Web Protected Resources</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>upgrades</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/jsp/autoLogin.jsp</form-login-page>
<form-error-page>/jsp/autoLoginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>upgrades</role-name>
</security-role>
</web-app>
-
Tomcat - Form based declarative Security (3 messages)
- Posted by: Vishwa Kumba
- Posted on: October 06 2004 06:59 EDT
Threaded Messages (3)
- more details... by Vishwa Kumba on October 06 2004 07:05 EDT
- Tomcat - Form based declarative Security by Nicolas Dobler on October 06 2004 09:54 EDT
- Tomcat - Form based declarative Security by Nicolas Dobler on October 06 2004 10:15 EDT
-
more details...[ Go to top ]
- Posted by: Vishwa Kumba
- Posted on: October 06 2004 07:05 EDT
- in response to Vishwa Kumba
The first JSP page is search.jsp in my application (mentioned in the welcome file list in web.xml). This contains the correct navigational links and also loads some data into the session. It is essential that the user is redirected to this JSP page always after a successful login.
Would appreciate any help on this,
thanx,
Vishwa -
Tomcat - Form based declarative Security[ Go to top ]
- Posted by: Nicolas Dobler
- Posted on: October 06 2004 09:54 EDT
- in response to Vishwa Kumba
I have the same problem!
The only solution I could find is some artifact (custom tag, include, method in action superclass with struts, etc.) that checks the session have some attribute. If not, it redirects the user to a specified page.
I don't like this solution very much. I'd really like to have a session start or logon event that automatically executes when the user logs in and put there that logic you mention (session set up, redirect to proper pages, audit, etc.) -
Tomcat - Form based declarative Security[ Go to top ]
- Posted by: Nicolas Dobler
- Posted on: October 06 2004 10:15 EDT
- in response to Nicolas Dobler