You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chris Ward <cw...@horizon-asset.co.uk> on 2003/12/03 16:15:48 UTC
servlet sendRedirect() to j_security_check problem
Dear all,
I'm implementing "remember me" login functionality using
FORM authentication, a LoginServlet and a Filter.
It's very much based on the code in an earlier posting to
this list
From: Raible, Matt
Subject: RE: Form based security and "Remember Me"
Date: Fri, 21 Feb 2003 07:33:22 -0800
My set up works fine when my <FORM> uses "j_security_check" as it's
action but using a redirect from a servlet seems to fail with
a 403 error. I've debugged the servlet so I know it's getting
to it and doing what I expect.
In the original mail, Matt's servlet call is...
- - - - - - - - - - - - - - - - - - - - - - - - - -
String username =
request.getParameter("j_username").toLowerCase();
String password = request.getParameter("j_password");
...
String req =
"j_security_check?j_username=" +
RequestUtils.encodeURL(username)
+ "&j_password=" +
RequestUtils.encodeURL(password);
response.sendRedirect(response.encodeRedirectURL(req));
- - - - - - - - - - - - - - - - - - - - - - - - - -
I don't have the "RequestUtils.encodeURL()" in my version.
a) Do I need them? - the html form seems for work
even if the password field is plain text when the
action is set to "j_security_check".
b) Where do I get these methods? Aren't they somewhere
in Struts? Do I really have to bring down all of that
stuff?
For completeness here's my code...
- - - - - - - - - - - - - - - - - - - - - - - - - -
String req =
"j_security_check?j_username=" +
request.getParameter("j_username")
+ "&j_password=" +
request.getParameter("j_password");
response.sendRedirect(response.encodeRedirectURL(req));
- - - - - - - - - - - - - - - - - - - - - - - - - -
Any help would be fantastic.
Best regards
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: servlet sendRedirect() to j_security_check problem
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Hi Chris,
I don't know whether that solution would ever work. I'm sure you can't
post straight to j_security_check. Tomcat has to be aware that someone
is trying to access a protected resource before it will invoke the login
procedure.
Adam
On 12/03/2003 04:15 PM Chris Ward wrote:
> Dear all,
>
> I'm implementing "remember me" login functionality using
> FORM authentication, a LoginServlet and a Filter.
> It's very much based on the code in an earlier posting to
> this list
>
> From: Raible, Matt
> Subject: RE: Form based security and "Remember Me"
> Date: Fri, 21 Feb 2003 07:33:22 -0800
>
> My set up works fine when my <FORM> uses "j_security_check" as it's
> action but using a redirect from a servlet seems to fail with
> a 403 error. I've debugged the servlet so I know it's getting
> to it and doing what I expect.
>
>
> In the original mail, Matt's servlet call is...
>
> - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> String username =
> request.getParameter("j_username").toLowerCase();
> String password = request.getParameter("j_password");
>
> ...
>
> String req =
> "j_security_check?j_username=" +
> RequestUtils.encodeURL(username)
> + "&j_password=" +
> RequestUtils.encodeURL(password);
>
> response.sendRedirect(response.encodeRedirectURL(req));
>
> - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>
> I don't have the "RequestUtils.encodeURL()" in my version.
>
> a) Do I need them? - the html form seems for work
> even if the password field is plain text when the
> action is set to "j_security_check".
> b) Where do I get these methods? Aren't they somewhere
> in Struts? Do I really have to bring down all of that
> stuff?
>
> For completeness here's my code...
>
> - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> String req =
> "j_security_check?j_username=" +
> request.getParameter("j_username")
> + "&j_password=" +
> request.getParameter("j_password");
>
> response.sendRedirect(response.encodeRedirectURL(req));
>
> - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Any help would be fantastic.
>
>
> Best regards
> Chris
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org