You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by "Mark.Abbott" <Ma...@openwave.com> on 2001/04/25 19:16:10 UTC

form based authentication in Tomcat 4

Hi, didn't get a response to this question on tomcat-user
so I'll give it a try here.

In the Tomcat 4b2 implementation of form based authentication,
the redirection from a request for a protected resource to the
login page and then from the login page submission back to the
protected resource are done internally in the valve.  This makes
the browser think it is receiving a response to a request other
than the one that was actually served, and interferes with the
browser fetching other resources referred to by the served resource,
such as images or stylesheets, that may use relative URLs.

How is one supposed to deal with this issue?  It seems like it 
might be reasonable to require that one only use absolute URLs
in links from the login page, but not for any arbitrary protected
resource.

   Thanks - Mark

Re: form based authentication in Tomcat 4

Posted by "Craig R. McClanahan" <cr...@apache.org>.


On Wed, 25 Apr 2001, Mark.Abbott wrote:

> Hi, didn't get a response to this question on tomcat-user
> so I'll give it a try here.
> 
> In the Tomcat 4b2 implementation of form based authentication,
> the redirection from a request for a protected resource to the
> login page and then from the login page submission back to the
> protected resource are done internally in the valve.  This makes
> the browser think it is receiving a response to a request other
> than the one that was actually served, and interferes with the
> browser fetching other resources referred to by the served resource,
> such as images or stylesheets, that may use relative URLs.
> 
> How is one supposed to deal with this issue?  It seems like it 
> might be reasonable to require that one only use absolute URLs
> in links from the login page, but not for any arbitrary protected
> resource.
> 

You can also use the HTML <base> element, which makes the browser resolve
relative references from a base directory specified in your page:

  <html>
  <head>
    <title>My Login Page</title>
    <base href="/my/base/directory"/>      <-- Relative to server root
  </head>
  ...
  </html>

>    Thanks - Mark
> 
> 
> 

Craig