[Fwd: Tomcat 3_3-M2 URL Session Rewriting?]

[Thomas Riemer <to...@58k.com>]

Let me correct this bug report - it looks like something broke between
3.3 m1 and 3.3 m2.

Authentication always brings up a "Basic" Authentication form,
regardless of my authentication method
specified.

My first guess is that the bug was introduced in
AccessInterceptor.java.     Looking at the diffs in CVS
I don't see anything obvious.   Maybe I'm looking in the wrong place....

Any thoughts?

-Tom

Thomas Riemer wrote:

> I'm trying to get 3.3 M2 URL Session rewriting to work.
>
> My server.xml includes:
>
>        <SessionId cookiesFirst="false" noCookies="false" />
>
> My web.xml includes:
>
> <login-config>
>  <auth-method>FORM</auth-method>
>  <realm-name>SOMEREALM</realm-name>
>  <form-login-config>
>        <form-login-page>/login.jsp</form-login-page>
>        <form-error-page>/login.jsp</form-error-page>
>   </form-login-config>
>  </login-config>
>
> My login form looks like:
>
> <FORM name='loginForm' method="POST" action='<%=
> response.encodeURL("j_security_check")%>'>
> <input TYPE="text" NAME="j_username" SIZE=20 MAXLENGTH=40 tabindex=1>
> <INPUT TYPE="password" NAME="j_password" SIZE=20 tabindex=2>
> </FORM>
>
> Here is the behavior I'm seeing:
> 1) with cookies turned on for my browser, I get a "Basic" Auth popup
> request for authentication.
>       I don't really understand why I am getting this, since I've
> specifically indicated FORM as my auth-method
>
> 2) When I turn on cookies on my browser, and change SessionID on
> server.xml to:
>  <SessionId cookiesFirst="true" noCookies="false" />
>
>       I get a form page and authentication works fine.
>
> I'm wondering if anyone has URL Session rewriting with auth FORM
> working?
> If so, is there any experiences you can offer to help me out with
> getting URL session rewriting to work.
>
> -Tom