You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jeff Wishnie <je...@deluxebiz.com> on 2002/09/18 00:56:10 UTC

How to access the request that triggered FORM authentication?

I am using FORM authentication in my web-app, hosted in Tomcat 4.1.10

I want to vary the contents of the login screen depending on what resource was requested. 

I have configured a servlet as the form-login-page so that I can forward the request to any number of appropriate login pages. But to do this I need the URL of the original request that triggered the authentication.

Problem is I can't see anyway to get at this--looking through the source, the FormAuthenticator saves this info into the Session as a SavedRequest object.

Problem is the SavedRequest object is part of the Catalina classloader, not available to webapps.

I _think_ I can probably hack this by extracting the SavedRequest.class from catalina.jar and putting it in common/classes and then just retrieve it from the session, but man is this a hack.

Is there a more civilized way to get at this information from within my login-form-page servlet?

Thanks,

Jeff

Re: How to access the request that triggered FORM authentication?

Posted by Ben Walding <be...@walding.com>.

(Courtesy of Tim Funk)

See section 9.8 of the spec:
A web application may specify that when errors occur, other resources in 
the application are used. These resources are specified in the 
deployment descriptor. If the location of the error handler is a servlet 
or a JSP, the following request attributes can be set:
- javax.servlet.error.status_code
- javax.servlet.error.exception_type
- javax.servlet.error.message
- javax.servlet.error.exception
- javax.servlet.error.request_uri

In your JSP or servlet, use request.getAttribute("...") for any of the 
above to get more details about the error. Then you can forward() or 
"whatever" based on your business logic.


Jeff Wishnie wrote:

>I am using FORM authentication in my web-app, hosted in Tomcat 4.1.10
>
>I want to vary the contents of the login screen depending on what resource was requested. 
>
>I have configured a servlet as the form-login-page so that I can forward the request to any number of appropriate login pages. But to do this I need the URL of the original request that triggered the authentication.
>
>Problem is I can't see anyway to get at this--looking through the source, the FormAuthenticator saves this info into the Session as a SavedRequest object.
>
>Problem is the SavedRequest object is part of the Catalina classloader, not available to webapps.
>
>I _think_ I can probably hack this by extracting the SavedRequest.class from catalina.jar and putting it in common/classes and then just retrieve it from the session, but man is this a hack.
>
>Is there a more civilized way to get at this information from within my login-form-page servlet?
>
>Thanks,
>
>Jeff
>  
>




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>