, Caldarale, Charles R wrote:
>>>> From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request
>>>> not forwarded to login page with security-constraint after session
>>>> time-out
>>>>
>>>> The spec is clearer than that. The "*"
On 27.02.2009, at 17:38, Christopher Schultz wrote:
Chuck,
On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request
not forwarded to login page with security-constraint after session
time
Chuck,
On 2/26/2009 7:22 PM, Caldarale, Charles R wrote:
>> From: Mark Thomas [mailto:ma...@apache.org]
>> Subject: Re: Request not forwarded to login page with
>> security-constraint after session time-out
>
>>> What
Chuck,
On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
>> From: Mark Thomas [mailto:ma...@apache.org] Subject: Re: Request
>> not forwarded to login page with security-constraint after session
>> time-out
>>
>> The
Marcel Stör wrote:
[...]
3. Why does it seem to be relevant that the request where
auto-forwarding-to-login-after-session-timeout fails is an AJAX request?
That was my last thought last night before I fell asleep...and my first this
morning when I woke up. And then the scales fell from my eyes
> From: Mark Thomas [mailto:ma...@apache.org]
> Subject: Re: Request not forwarded to login page with
> security-constraint after session time-out
> > What the spec is not explicit about is the combination
> > of "*" with an empty or non-existent list.
> I th
Marcel Stör wrote:
> Not sure I can follow you guys on this...A few questions, my assumption
> is that the role-issue has nothing to do with the real problem:
Correct. Chuck and I are off on our own little tangent.
> 1. Is the "*"-role issue even relevant in my context? After all, the
> security
On 26.02.2009, at 23:44, Mark Thomas wrote:
Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with
security-constraint after session time-out
The spec is clearer than that. The "*" role == all roles
defined
Caldarale, Charles R wrote:
>> From: Mark Thomas [mailto:ma...@apache.org]
>> Subject: Re: Request not forwarded to login page with
>> security-constraint after session time-out
>>
>> The spec is clearer than that. The "*" role == all roles
>> defined
> From: Mark Thomas [mailto:ma...@apache.org]
> Subject: Re: Request not forwarded to login page with
> security-constraint after session time-out
>
> The spec is clearer than that. The "*" role == all roles
> defined in web.xml.
Yes, but what it's not clear abo
Caldarale, Charles R wrote:
>> From: Marcel Stör [mailto:mar...@frightanic.com]
>> Subject: Re: Request not forwarded to login page with
>> security-constraint after session time-out
>>
>> No, I only mentioned this because Tomcat throws an SQL exception
>> beca
> From: Marcel Stör [mailto:mar...@frightanic.com]
> Subject: Re: Request not forwarded to login page with
> security-constraint after session time-out
>
> No, I only mentioned this because Tomcat throws an SQL exception
> because it tries to query a table called ""
On 26.02.2009, at 20:13, Christopher Schultz wrote:
Marcel,
On 2/26/2009 10:21 AM, Marcel Stör wrote:
If I request a protected URL (manually clicking
link, AJAX request, etc.) *after* the session has timed out I
expect an
automatic forwarding t
Marcel,
On 2/26/2009 10:21 AM, Marcel Stör wrote:
> If I request a protected URL (manually clicking
> link, AJAX request, etc.) *after* the session has timed out I expect an
> automatic forwarding to the login page. As I could see while debugging,
> t
Gregor,
On 2/26/2009 9:59 AM, Gregor Schneider wrote:
> This looks a bit awkward to me (didn't know that this is possible),
> but I guess that's not the reason for your problem:
>
>*
This is fine. From the servlet spec SRV.13.3:
"
The auth-cons
Gregor Schneider wrote:
Marcel,
On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör wrote:
[Problem]
Upon session time-out the request is not forwarded to the login page (form
based auth). Nothing happens on the UI. However, forwarding to the login
page does work during the initial login into the
Marcel,
On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör wrote:
>
> [Problem]
> Upon session time-out the request is not forwarded to the login page (form
> based auth). Nothing happens on the UI. However, forwarding to the login
> page does work during the initial login into the application.
>
N
Up to now I had always thought I understood the security aspects of
the Servlet spec quite well. Looks like I was wrong...
[Problem]
Upon session time-out the request is not forwarded to the login page
(form based auth). Nothing happens on the UI. However, forwarding to
the login page does