You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Wiemann, Helge (ESI)" <He...@adp.com.INVALID> on 2023/07/22 15:03:50 UTC
Problem with the redirect after j_security_check
Hi all,
we are using Tomcat 9 and the still the JDBC Realm for authentication.
Our starting URL (which is protected) ends with "/boot1#index"
The form authentication is then processed through the common url j_security_check.
But after a successful login, he is not redirecting to "boot1#index" but only to "boot1", he is missing the #index but this is necessary for our application.
Any idea why he is removing this #index string or any possible solution to fix?
Best regards,
Helge
[cid:image001.png@01D9BCBE.79E020C0] <https://www.de-adp.com/>
Helge Wiemann
Application Developer
Mary-Somerville-Str. 4, DE- 28359 Bremen
T: +49 800 000 6898
Helge.Wiemann@adp.com
[LinkedIn]<https://www.linkedin.com/company/adp>[Twitter]<https://twitter.com/adp_ger>[Facebook]<https://www.facebook.com/AutomaticDataProcessing>[YouTube]<https://www.youtube.com/user/ADPDeutschland>[Instagram]<https://www.instagram.com/adp/?hl=en>
ADP Employer Services GmbH; Sitz der Gesellschaft: Neu-Isenburg; Registergericht: Amtsgericht Offenbach am Main HRB 11980;
Geschäftsführer Martijn Brand (Vorsitzender), Virginia Magliulo; Aufsichtsratsvorsitzende: Marcela Uribe
This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.
Re: Problem with the redirect after j_security_check
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Helge,
On 7/22/23 11:03, Wiemann, Helge (ESI) wrote:
> we are using Tomcat 9 and the still the JDBC Realm for authentication.
>
> Our starting URL (which is protected) ends with “/boot1#index”
>
> The form authentication is then processed through the common url
> j_security_check.
>
> But after a successful login, he is not redirecting to “boot1#index” but
> only to “boot1”, he is missing the #index but this is necessary for our
> application.
>
> Any idea why he is removing this #index string or any possible solution
> to fix?
As others have said, the browser won't send the # or anything after it.
But if you know you need to send back a # in the redirect, then your
application needs to generate that #fragment at the end of the URL.
You may wish to reconsider your use of the #fragment to maintain state,
and instead use different paths, request parameters, cookies, or some
other mechanism that HTTP *does* guarantee will be sent to the server
along with the request.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with the redirect after j_security_check
Posted by Shawn Heisey <ap...@elyograg.org>.
On 7/22/23 12:03, Mark Thomas wrote:
> Your target URL is invalid. No user agent should be sending the
> fragment (#index) part of the URL. At best Tomcat will ignore it. Later
> versions may even reject it (I have a memory of that but don't have easy
> acces to the source code to check right now).
What I have observed about #:
If you are working in a browser, the # character and anything after it
are never sent to the webserver. That value is completely handled
within the browser, typically used to either anchor to a specific point
in the web page or provide data to javascript code running in the browser.
Thanks,
Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with the redirect after j_security_check
Posted by Mark Thomas <ma...@apache.org>.
22 Jul 2023 17:03:50 Wiemann, Helge (ESI)
<He...@adp.com.INVALID>:
> Hi all,
>
> we are using Tomcat 9 and the still the JDBC Realm for authentication.
>
> Our starting URL (which is protected) ends with “/boot1#index”
> The form authentication is then processed through the common url
> j_security_check.
> But after a successful login, he is not redirecting to “boot1#index”
> but only to “boot1”, he is missing the #index but this is necessary for
> our application.
>
> Any idea why he is removing this #index string or any possible solution
> to fix?
Your target URL is invalid. No user agent should be sending the fragment
(#index) part of the URL. At best Tomcat will ignore it. Later versions
may even reject it (I have a memory of that but don't have easy acces to
the source code to check right now).
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org