You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Homer, Brad" <Br...@fnf.com> on 2006/09/19 17:18:26 UTC
Solution suggestion for Invalid direct reference to form login page
Just some feedback for a new configurable feature which would solve a
common issue - you can take it or leave it.
Problem Description:
====================
It's very easy to bookmark the form login page of a protected Tomcat
application. Most users (even experienced ones) automatically assume
something is wrong with the Web application when subsequent visits to
the application produce an Error 400.
We have a demo application that we quickly put together on a Tomcat
server but we are now going to move it to WebSphere because the ease of
innocently generating error 400's is not acceptable to us.
We used Tomcat 4.1, but I see the Internet is filled with many Tomcat
developers complaining of this issue even with versions 5.5 and 6
Solution Suggestion:
====================
A configurable redirect to be performed under the covers when a user
(innocently) directly references the form login would eliminate this
issue. For example, we could configure Tomcat to redirect to the root
of the domain if a user directly references the form login via a
bookmark. When they click their bookmark, Tomcat would say to itself
"nope...not allowed - I'll redirect you to the root of the domain per my
default configuration setting" Then, Tomcat would say "nope...that's
protected - let me send you to the form login" - and voila - a happy
user.
Brad Homer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org