You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Craig R. McClanahan" <Cr...@eng.sun.com> on 2000/11/16 23:23:44 UTC
Re: Bug or Feature? Additional parameters not passed for FORM login page
in Tomcat 3.2 b7
"Xia, Alex" wrote:
> I have been trying to retrieve additional field information from the FORM
> login page without success. Basically I am using the following login.jsp but
> could not get "my_field".
>
> <html>
> <body>
> <h1>Login page for examples</h1>
>
> <form method="POST" action="j_security_check" >
> <input type="text" name="j_username">
> <input type="password" name="j_password">
> <input type="text" name="my_field">
> <input type="submit" name="j_security_check">
> </form>
>
> <%
> System.out.println("my_field="+request.getParameter("my_field");
> %>
> </body>
> </html>
>
> The println statement always prints null.
>
> The same thing holds true if I try to use request.getParameter("my_field")
> inside the SimpleRealm.java.
>
> Nothing is said in the Servlet Spec for FORM based login NOT to pass
> additional fields. Is this a Tomcat bug?
>
No, you were right the first time ... it's a feature :-).
Why is this so? Because the form is submitted to a URL that ends in
"/j_security_check". Your page is called to create the original input form, but
the submit goes to an internal Tomcat component.
The whole idea of form based login is to make the user experience similar to
what happens when you use BASIC authentication:
* User submits a URL to a protected resource
* The login dialog "pops up"
* The server authenticates the user, and proceeds
to display the *originally* requested page
The only difference is that form based login lets you impose your own look and
feel on the input form. After the username and password are processed, control
proceeds to the originally requested page, not back to your login page.
>
> Thanks,
>
> Alex X. Xia
Craig McClanahan