You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Patrick Dalla Bernardina <pa...@jfes.trf2.gov.br> on 2005/10/25 15:37:34 UTC

Form Authentication

Hi,

I'm using tomcat as my java web application server.

I'm having a problem with FORM login config.

As I've seen in tomcat source code, FormAuthenticator.java is  
responsible for this kind of authentication. FormAuthenticator  saves a 
request to a protected resource, redirects to form login  and, after 
login, redirects to the saved request.

My problem is when I create a portlet inside my portal that  contains 
login form which action is j_security_check. How I haven't  accessed any 
protected resource, no request is saved before login  and when 
FormAuthenticator tries to restore the saved request, the  following 
error occur:

_The request sent by the client was syntactically incorrect  (Invalid 
direct reference to form login page)._

I've changed the code that send the error to redirect to:  
request.getHeader("Referer")

It would be nice to have this functionality implemented in current 
Tomcat binaries.

Is it possible?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org