You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Chris Ward <cw...@horizon-asset.co.uk> on 2003/12/03 16:15:48 UTC

servlet sendRedirect() to j_security_check problem

Dear all,

I'm implementing "remember me" login functionality using
FORM authentication, a LoginServlet and a Filter.
It's very much based on the code in an earlier posting to
this list

	From: Raible, Matt 
	Subject: RE: Form based security and "Remember Me" 
	Date: Fri, 21 Feb 2003 07:33:22 -0800 

My set up works fine when my <FORM> uses "j_security_check" as it's
action but using a redirect from a servlet seems to fail with
a 403 error.  I've debugged the servlet so I know it's getting
to it and doing what I expect.


In the original mail, Matt's servlet call is...

	- - - - - - - - - - - - - - - - - - - - - - - - - -
	
	String username =
request.getParameter("j_username").toLowerCase();
	String password = request.getParameter("j_password");
	
	...

	String req =
	    "j_security_check?j_username=" + 
			RequestUtils.encodeURL(username)
	    + "&j_password=" + 
			RequestUtils.encodeURL(password);

	response.sendRedirect(response.encodeRedirectURL(req));

	- - - - - - - - - - - - - - - - - - - - - - - - - -


I don't have the "RequestUtils.encodeURL()" in my version.

	a) Do I need them? - the html form seems for work
	   even if the password field is plain text when the
	   action is set to "j_security_check".
	b) Where do I get these methods?  Aren't they somewhere
	   in Struts?  Do I really have to bring down all of that
	   stuff?

For completeness here's my code...

	- - - - - - - - - - - - - - - - - - - - - - - - - -

        String req =
            "j_security_check?j_username=" + 
			request.getParameter("j_username")
            + "&j_password=" + 
			request.getParameter("j_password");
            
        response.sendRedirect(response.encodeRedirectURL(req));

	- - - - - - - - - - - - - - - - - - - - - - - - - -

Any help would be fantastic.


Best regards
Chris


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: servlet sendRedirect() to j_security_check problem

Posted by Adam Hardy <ah...@cyberspaceroad.com>.

Hi Chris,
I don't know whether that solution would ever work. I'm sure you can't 
post straight to j_security_check. Tomcat has to be aware that someone 
is trying to access a protected resource before it will invoke the login 
procedure.

Adam

On 12/03/2003 04:15 PM Chris Ward wrote:
> Dear all,
> 
> I'm implementing "remember me" login functionality using
> FORM authentication, a LoginServlet and a Filter.
> It's very much based on the code in an earlier posting to
> this list
> 
> 	From: Raible, Matt 
> 	Subject: RE: Form based security and "Remember Me" 
> 	Date: Fri, 21 Feb 2003 07:33:22 -0800 
> 
> My set up works fine when my <FORM> uses "j_security_check" as it's
> action but using a redirect from a servlet seems to fail with
> a 403 error.  I've debugged the servlet so I know it's getting
> to it and doing what I expect.
> 
> 
> In the original mail, Matt's servlet call is...
> 
> 	- - - - - - - - - - - - - - - - - - - - - - - - - -
> 	
> 	String username =
> request.getParameter("j_username").toLowerCase();
> 	String password = request.getParameter("j_password");
> 	
> 	...
> 
> 	String req =
> 	    "j_security_check?j_username=" + 
> 			RequestUtils.encodeURL(username)
> 	    + "&j_password=" + 
> 			RequestUtils.encodeURL(password);
> 
> 	response.sendRedirect(response.encodeRedirectURL(req));
> 
> 	- - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> 
> I don't have the "RequestUtils.encodeURL()" in my version.
> 
> 	a) Do I need them? - the html form seems for work
> 	   even if the password field is plain text when the
> 	   action is set to "j_security_check".
> 	b) Where do I get these methods?  Aren't they somewhere
> 	   in Struts?  Do I really have to bring down all of that
> 	   stuff?
> 
> For completeness here's my code...
> 
> 	- - - - - - - - - - - - - - - - - - - - - - - - - -
> 
>         String req =
>             "j_security_check?j_username=" + 
> 			request.getParameter("j_username")
>             + "&j_password=" + 
> 			request.getParameter("j_password");
>             
>         response.sendRedirect(response.encodeRedirectURL(req));
> 
> 	- - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> Any help would be fantastic.
> 
> 
> Best regards
> Chris
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


-- 
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org