You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Thomas Riemer <to...@58k.com> on 2001/03/18 05:13:54 UTC
[Fwd: Tomcat 3_3-M2 URL Session Rewriting?]
Let me correct this bug report - it looks like something broke between
3.3 m1 and 3.3 m2.
Authentication always brings up a "Basic" Authentication form,
regardless of my authentication method
specified.
My first guess is that the bug was introduced in
AccessInterceptor.java. Looking at the diffs in CVS
I don't see anything obvious. Maybe I'm looking in the wrong place....
Any thoughts?
-Tom
Thomas Riemer wrote:
> I'm trying to get 3.3 M2 URL Session rewriting to work.
>
> My server.xml includes:
>
> <SessionId cookiesFirst="false" noCookies="false" />
>
> My web.xml includes:
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>SOMEREALM</realm-name>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/login.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> My login form looks like:
>
> <FORM name='loginForm' method="POST" action='<%=
> response.encodeURL("j_security_check")%>'>
> <input TYPE="text" NAME="j_username" SIZE=20 MAXLENGTH=40 tabindex=1>
> <INPUT TYPE="password" NAME="j_password" SIZE=20 tabindex=2>
> </FORM>
>
> Here is the behavior I'm seeing:
> 1) with cookies turned on for my browser, I get a "Basic" Auth popup
> request for authentication.
> I don't really understand why I am getting this, since I've
> specifically indicated FORM as my auth-method
>
> 2) When I turn on cookies on my browser, and change SessionID on
> server.xml to:
> <SessionId cookiesFirst="true" noCookies="false" />
>
> I get a form page and authentication works fine.
>
> I'm wondering if anyone has URL Session rewriting with auth FORM
> working?
> If so, is there any experiences you can offer to help me out with
> getting URL session rewriting to work.
>
> -Tom