Problem with the redirect after j_security_check

["Wiemann, Helge (ESI)" <He...@adp.com.INVALID>]

Hi all,

we are using Tomcat 9 and the still the JDBC Realm for authentication.

Our starting URL (which is protected) ends with "/boot1#index"
The form authentication is then processed through the common url j_security_check.
But after a successful login, he is not redirecting to "boot1#index" but only to "boot1", he is missing the #index but this is necessary for our application.

Any idea why he is removing this #index string or any possible solution to fix?

Best regards,

Helge



 [cid:image001.png@01D9BCBE.79E020C0] <https://www.de-adp.com/>
Helge Wiemann
Application Developer

Mary-Somerville-Str. 4, DE- 28359 Bremen
T: +49 800 000 6898

Helge.Wiemann@adp.com

[LinkedIn]<https://www.linkedin.com/company/adp>[Twitter]<https://twitter.com/adp_ger>[Facebook]<https://www.facebook.com/AutomaticDataProcessing>[YouTube]<https://www.youtube.com/user/ADPDeutschland>[Instagram]<https://www.instagram.com/adp/?hl=en>
ADP Employer Services GmbH; Sitz der Gesellschaft: Neu-Isenburg; Registergericht: Amtsgericht Offenbach am Main HRB 11980;
Geschäftsführer Martijn Brand (Vorsitzender), Virginia Magliulo; Aufsichtsratsvorsitzende: Marcela Uribe


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.

Re: Problem with the redirect after j_security_check

[Christopher Schultz <ch...@christopherschultz.net>]

Helge,

On 7/22/23 11:03, Wiemann, Helge (ESI) wrote:
> we are using Tomcat 9 and the still the JDBC Realm for authentication.
> 
> Our starting URL (which is protected) ends with “/boot1#index”
> 
> The form authentication is then processed through the common url 
> j_security_check.
> 
> But after a successful login, he is not redirecting to “boot1#index” but 
> only to “boot1”, he is missing the #index but this is necessary for our 
> application.
> 
> Any idea why he is removing this #index string or any possible solution 
> to fix?

As others have said, the browser won't send the # or anything after it.

But if you know you need to send back a # in the redirect, then your 
application needs to generate that #fragment at the end of the URL.

You may wish to reconsider your use of the #fragment to maintain state, 
and instead use different paths, request parameters, cookies, or some 
other mechanism that HTTP *does* guarantee will be sent to the server 
along with the request.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Problem with the redirect after j_security_check

[Shawn Heisey <ap...@elyograg.org>]

On 7/22/23 12:03, Mark Thomas wrote:
> Your target URL is invalid. No user agent should be sending the  
> fragment (#index) part of the URL. At best Tomcat will ignore it. Later 
> versions may even reject it (I have a memory of that but don't have easy 
> acces to the source code to check right now).

What I have observed about #:

If you are working in a browser, the # character and anything after it 
are never sent to the webserver.  That value is completely handled 
within the browser, typically used to either anchor to a specific point 
in the web page or provide data to javascript code running in the browser.

Thanks,
Shawn

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Problem with the redirect after j_security_check

[Mark Thomas <ma...@apache.org>]

22 Jul 2023 17:03:50 Wiemann, Helge (ESI) 
<He...@adp.com.INVALID>:

> Hi all,
>
> we are using Tomcat 9 and the still the JDBC Realm for authentication.
>
> Our starting URL (which is protected) ends with “/boot1#index”
> The form authentication is then processed through the common url 
> j_security_check.
> But after a successful login, he is not redirecting to “boot1#index” 
> but only to “boot1”, he is missing the #index but this is necessary for 
> our application.
>
> Any idea why he is removing this #index string or any possible solution 
> to fix?

Your target URL is invalid. No user agent should be sending the  fragment 
(#index) part of the URL. At best Tomcat will ignore it. Later versions 
may even reject it (I have a memory of that but don't have easy acces to 
the source code to check right now).

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org