Re: j_security_check redirect after login

2007-11-09 Thread Pid
Nicholas Sushkin wrote: > On Thursday 08 November 2007, you wrote: > >> The question I had was what happens when you directly request the login >> form and successfully login. > > Tomcat will give you an error page saying something along the lines "the > login page was accessed directly". It wo

Re: j_security_check redirect after login

2007-11-08 Thread Nicholas Sushkin
On Thursday 08 November 2007, you wrote: > The question I had was what happens when you directly request the login > form and successfully login. Tomcat will give you an error page saying something along the lines "the login page was accessed directly". It won't let you login successfully. Tom

RE: j_security_check redirect after login

2007-11-08 Thread Andrew R Feller
PROTECTED] (office) 225.578.3737 -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 3:07 PM To: Tomcat Users List Subject: Re: j_security_check redirect after login -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller

Re: j_security_check redirect after login

2007-11-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller wrote: > I'm sorry but maybe I am reading a different version of the servlet > specification than you: it only explains the case where you access a > container-managed resource and then login. That would be the only case cov

RE: j_security_check redirect after login

2007-11-08 Thread Caldarale, Charles R
> From: Andrew R Feller [mailto:[EMAIL PROTECTED] > Subject: RE: j_security_check redirect after login > > I'm sorry but maybe I am reading a different version of the servlet > specification than you: it only explains the case where you access a > container-managed resourc

RE: j_security_check redirect after login

2007-11-08 Thread Propes, Barry L
ect. -Original Message- From: Andrew R Feller [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 2:42 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login Christopher, I'm sorry but maybe I am reading a different version of the servlet specification t

RE: j_security_check redirect after login

2007-11-08 Thread Propes, Barry L
rts of the container that are protected, but it's likely they would get this error if they tried to do what you're describing below. -Original Message- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 1:45 PM To: Tomcat Users List Subject: Re: j_security_

RE: j_security_check redirect after login

2007-11-08 Thread Andrew R Feller
tate University [EMAIL PROTECTED] (office) 225.578.3737 -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 1:40 PM To: Tomcat Users List Subject: Re: j_security_check redirect after login -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 An

Re: j_security_check redirect after login

2007-11-08 Thread David Smith
--- From: Reich, Matthias [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 12:08 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login You should also have a look at /org/apache/catalina/authenticator/FormAuthenticator.java In this class you can find the de

Re: j_security_check redirect after login

2007-11-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew R Feller wrote: > 3. It is unclear what happens in the event when a user requests the > form- >login-page directly instead of going through a container-managed >resource. > >How does j_security_check know where to redirect

RE: j_security_check redirect after login

2007-11-08 Thread Andrew R Feller
-Original Message- From: Reich, Matthias [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 12:08 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login You should also have a look at /org/apache/catalina/authenticator/FormAuthenticator.java In this class you

RE: j_security_check redirect after login

2007-11-08 Thread Reich, Matthias
riginal Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Thursday, November 08, 2007 6:02 PM To: Tomcat Users List Subject: RE: j_security_check redirect after login > From: Andrew R Feller [mailto:[EMAIL PROTECTED] > Subject: j_security_check redirect after login > >

Re: j_security_check redirect after login

2007-11-08 Thread David Smith
You never directly call j_security_check. Here's how the process flow works: 1. browser attempts to load a protected page 2. tomcat saves the request and redirects the client to j_security_check for authentication 3. on successful authentication, tomcat restores the original request. So basi

RE: j_security_check redirect after login

2007-11-08 Thread Caldarale, Charles R
> From: Andrew R Feller [mailto:[EMAIL PROTECTED] > Subject: j_security_check redirect after login > > How does j_security_check know where to redirect users to after they > have logged in? Read the servlet spec; to quote from SRV.12.5.3.1: "If the form based login is invoke

j_security_check redirect after login

2007-11-08 Thread Andrew R Feller
How does j_security_check know where to redirect users to after they have logged in? I have searched for any documentation related to how j_security_check works but to no avail nor am I able to find out where in the Tomcat source code j_security_check is declared or invoked. Thanks, Andrew