You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Mikhail <jm...@ebuilt.com> on 2001/12/06 02:36:18 UTC
Authentication problem...redirected to /null
Hello,
I'm wondering if anyone can help me with an issue I'm having with my web
app. I have a web application that uses the JDBCRealm and I've defined
all the roles and what not. Here's the scenario...
If I try to access a secure page, it will take me to the login page. I
login with a valid user and then get redirected back to the secure page
with no problems now that I'm authenticated. That's not the problem.
The problem is I can also login from the home page. If I log in from
the home page with the same authenticated user, it tomcat is trying to
redirect me to <context>/null. Why is that? I have a welcome file list
defined in my web.xml. If anyone can help, it would be greatly
appreciated..
--
John Mikhail
"Codito, Ergo Sum"
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: Authentication problem...redirected to /null
Posted by Jeff Kilbride <je...@kilbride.com>.
You're not supposed to be able to reach the login page, except by accessing
a secure page. The container is then responsible for displaying the login
page and sending the user to the correct secure page, once they have been
authenticated. So, rather than having a link to your login page from your
home page, you should have a link to your main welcome page inside your
secure area. Tomcat will then send the user to the login page automatically,
if they haven't been authenticated.
What version of Tomcat are you using? Unfortunately, in TC 3.2.x (possibly
others, but I'm not sure) the container *redirects* the user to the login
page which makes it possible for the user to then bookmark that page -- thus
defeating the idea that they have to access a secure page first. The only
way I found to get around this was to put my login page in a separate
"/login" directory and then put an "index.jsp" file in that directory that
redirects to my secure area. That way, anyone who bookmarked the login page
was handled correctly. I'm not sure if this will work in other versions of
Tomcat, though.
Hope this helps!
--jeff
----- Original Message -----
From: "John Mikhail" <jm...@ebuilt.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, December 05, 2001 5:36 PM
Subject: Authentication problem...redirected to /null
> Hello,
>
> I'm wondering if anyone can help me with an issue I'm having with my web
> app. I have a web application that uses the JDBCRealm and I've defined
> all the roles and what not. Here's the scenario...
>
> If I try to access a secure page, it will take me to the login page. I
> login with a valid user and then get redirected back to the secure page
> with no problems now that I'm authenticated. That's not the problem.
> The problem is I can also login from the home page. If I log in from
> the home page with the same authenticated user, it tomcat is trying to
> redirect me to <context>/null. Why is that? I have a welcome file list
> defined in my web.xml. If anyone can help, it would be greatly
> appreciated..
>
>
> --
> John Mikhail
> "Codito, Ergo Sum"
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>