Posted to users@tomcat.apache.org by Vincent Delhommois <vi...@voila.fr> on 2006/02/23 10:24:12 UTC
Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS + Filter + j_security_check)
Thanks for the answer. You are right, I will check this solution with the ThreadLocal pattern (I don't know it at all).
I used the filter, and the loginModule always returns 'true', because it's not easy to pass messages such as 'wrong password', 'validity period expired', etc. to the login.jsp in case of a wrong authentication.
Thanks
PS: Do you have any example of a solution with ThreadLocal?
> Message of 23/02/06 at 10:19
> From: "David Delbecq"
> To: "Tomcat Users List"
> Cc:
> Subject: Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS + Filter + j_security_check)
>
> Login module should return false if not authenticated. If you need to
> store messages for the user, I'll suggest you pass them another way
> (like by using a ThreadLocal pattern)
>
> Vincent Delhommois wrote:
>
> >Hello, I have implemented a solution with JAAS and a user filter on Tomcat.
> >The login module always returns 'true' even though the password is wrong. I do that to be able to return detailed error messages to the login.jsp. (I use the role principal to display messages).
> >The filter is used to dispatch to the application pages or back to the login.jsp page if the authentication failed.
> >The error : " Etat HTTP 400 - Référence directe à la form de connexion (form login page) invalide " OR "HTTP 400 : Invalid direct reference to form login ..." is displayed when I first log on with a wrong password and then log in again with the correct password.
> >It seems I did not correctly invalidate the JAAS login or the session after the failure.
> >Do you have any idea?
> >Thanks
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS + Filter + j_security_check)
Posted by David Delbecq <de...@oma.be>.
The most basic way I see is to have a class with 3 static methods and
one static field:
setMessage(), getMessage(), clearMessage()
private static ThreadLocal message = new ThreadLocal();
...
message.set(theMessage);
...
return (String)message.get();
Your JAAS would do a setMessage() and your error.jsp would do a
getMessage().
Be careful, this class must be visible to both your JAAS and your webapp.
Vincent Delhommois wrote:
>
>Thanks for the answer. You are right, I will check this solution with the ThreadLocal pattern (I don't know it at all).
>I used the filter, and the loginModule always returns 'true', because it's not easy to pass messages such as 'wrong password', 'validity period expired', etc. to the login.jsp in case of a wrong authentication.
>Thanks
>PS: Do you have any example of a solution with ThreadLocal?
>
>
>
>>Message of 23/02/06 at 10:19
>>From: "David Delbecq"
>>To: "Tomcat Users List"
>>Cc:
>>Subject: Re: JAAS : HTTP 400 Invalid direct reference to form login ... (JAAS + Filter + j_security_check)
>>
>>Login module should return false if not authenticated. If you need to
>>store messages for the user, I'll suggest you pass them another way
>>(like by using a ThreadLocal pattern)
>>
>>Vincent Delhommois wrote:
>>
>>
>>
>>>Hello, I have implemented a solution with JAAS and a user filter on Tomcat.
>>>The login module always returns 'true' even though the password is wrong. I do that to be able to return detailed error messages to the login.jsp. (I use the role principal to display messages).
>>>The filter is used to dispatch to the application pages or back to the login.jsp page if the authentication failed.
>>>The error : " Etat HTTP 400 - Référence directe à la form de connexion (form login page) invalide " OR "HTTP 400 : Invalid direct reference to form login ..." is displayed when I first log on with a wrong password and then log in again with the correct password.
>>>It seems I did not correctly invalidate the JAAS login or the session after the failure.
>>>Do you have any idea?
>>>Thanks
>>>
>>>
>>>
>>>
>>
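
Added example, not part of the original thread and not David Delbecq's or Tomcat's code: the ThreadLocal holder described above, paired with a login module that fails on bad credentials instead of always returning true. The class names (LoginMessageDemo, LoginMessage, DemoLoginModule), the attempt() helper and the credentials are hypothetical; the module is driven directly rather than through Tomcat's JAAS realm, and the sketch assumes Java 9+ and that the error page is rendered on the same request thread as the login attempt.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LoginMessageDemo {
    // Per-thread slot for the failure reason. In a container this class must be
    // loadable by both the JAAS module and the webapp (hypothetical name).
    static final class LoginMessage {
        private static final ThreadLocal<String> MESSAGE = new ThreadLocal<>();
        static void setMessage(String m) { MESSAGE.set(m); }
        static String getMessage() { return MESSAGE.get(); }
        static void clearMessage() { MESSAGE.remove(); }
    }

    // Fails closed: a bad password records the reason and throws, so the
    // container never sees an authenticated Subject. Demo credentials only.
    static final class DemoLoginModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pw = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { name, pw }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            char[] given = pw.getPassword();
            if (!"alice".equals(name.getName()) || given == null || !"s3cret".equals(new String(given))) {
                LoginMessage.setMessage("wrong user name or password");
                throw new FailedLoginException("authentication failed");
            }
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // One request: returns what the error page would display, or null on success.
    static String attempt(String user, String pass) {
        DemoLoginModule m = new DemoLoginModule();
        m.initialize(new Subject(), cbs -> {
            for (Callback c : cbs) {
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pass.toCharArray());
            }
        }, Map.of(), Map.of());
        try { m.login(); return null; }
        catch (LoginException e) { return LoginMessage.getMessage(); }
        finally { LoginMessage.clearMessage(); } // pooled threads are reused: never leave a stale message
    }
    public static void main(String[] args) {
        for (String p : new String[] { "wrong", "s3cret" }) System.out.println(p + " -> " + attempt("alice", p));
    }
}
```

The clearMessage() call in the finally block matters on a servlet container because request threads are pooled: a message left in the slot would be read by whichever request next runs on that thread.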