You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by fengjun <fe...@solutions.sh> on 2005/10/14 08:22:04 UTC
How can I login the Roller Site form other url directly?
hi:
I visit the url http://localhost:8080/roller/login.jsp . and putin the
userName and the password . I can't login .
But if I visit the url http://localhost:8080/roller/login-redirect.jsp .
and putin the userName and the password . I can login .
I don't know why?
what is the different?
I want to login the Roller Site form other url directly. how can I do ?
I use the tomcat.
thanks.
--
fengjun <fe...@solutions.sh>
Re: How can I login the Roller Site form other url directly?
Posted by fengjun <fe...@solutions.sh>.
--
> I visit the url http://localhost:8080/roller/login.jsp . and putin the
> userName and the password . I can't login .
>
> But if I visit the url http://localhost:8080/roller/login-redirect.jsp .
> and putin the userName and the password . I can login .
and actually , do like that(login form login.jsp), it is already have
logined. It is only saw like not login in the page . But if you click
go to the main page , and click the login url, and not to put the
password and go to main page again. and now if you reclick the login
url , it can go to editor/weblog.do. It means that it is already have
logined .
and I find that because at begin the req.getUserPrincipal() is NULL.
But it is temporary . go some page at the roller site . it will be not
NULL.
I don't why?
thanks
fengjun <fe...@solutions.sh>
Re: How can I login the Roller Site form other url directly?
Posted by fengjun <fe...@solutions.sh>.
Hi
But I see the source of the LoginFilter.java.
if (loginCookie != null)
{
RequestUtil.setCookie(response, RollerRequest.LOGIN_COOKIE,
loginCookie,
request.getContextPath());
loginCookie = Utilities.decodeString(loginCookie);
String[] value = StringUtils.split(loginCookie, '|');
UserData user = mgr.getUser( value[0] );
// authenticate user without displaying login page
String route = "/auth?j_username=" +
user.getUserName() + "&j_password=" +
user.getPassword();
request.setAttribute("encrypt", "false");
request.getSession().setAttribute("cookieLogin", "true");
if (mLogger.isDebugEnabled())
{
mLogger.debug("I remember you '" + user.getUserName() +
"', attempting to authenticate...");
}
RequestDispatcher dispatcher =
request.getRequestDispatcher(route);
dispatcher.forward(request, response);
return;
}
this code is used to autologin.
it can directly login.
so I want to create a new jsp file . and do like that .
but it is wrong.
I don't know why?
--
fengjun <fe...@solutions.sh>
Re: How can I login the Roller Site form other url directly?
Posted by Matt Raible <mr...@gmail.com>.
This is a "feature" of container-managed authentication. You have to
think of the login.jsp as a page that shouldn't see - kind of like the
popup dialog you get with basic authentication. The login.jsp only
shows up when you try to access a protected resource - so if you try
to access login.jsp - it thinks the protected resource is login.jsp
and takes you back to that page after you request it.
login-redirect.jsp, on the other hand, redirects to a *real* protected
resource.
FWIW, if we move to Acegi Security, this issue will be fixed.
http://www.rollerweblogger.org/wiki/Wiki.jsp?page=Proposal_AcegiSecurity
Matt
On 10/14/05, fengjun <fe...@solutions.sh> wrote:
>
>
> hi:
>
> I visit the url http://localhost:8080/roller/login.jsp . and putin the
> userName and the password . I can't login .
>
> But if I visit the url http://localhost:8080/roller/login-redirect.jsp .
> and putin the userName and the password . I can login .
>
> I don't know why?
>
> what is the different?
>
> I want to login the Roller Site form other url directly. how can I do ?
>
> I use the tomcat.
>
> thanks.
>
> --
> fengjun <fe...@solutions.sh>
>
>