Hi,

I'm using Tomcat as my Java web application server.

I'm having a problem with FORM login config.

As I've seen in the Tomcat source code, FormAuthenticator.java is responsible for this kind of authentication. FormAuthenticator saves a request to a protected resource, redirects to the form login and, after login, redirects to the saved request.

My problem is when I create a portlet inside my portal that contains a login form whose action is j_security_check. As I haven't accessed any protected resource, no request is saved before login, and when FormAuthenticator tries to restore the saved request, the following error occurs:

_The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)._

I've changed the code that sends the error to redirect to: request.getHeader("Referer")

It would be nice to have this functionality implemented in current Tomcat binaries.

Is it possible?


Robert Baruch wrote:

Hi all,

I have a default install of 4.1.31 on Windows. I have two problems.

First problem is, I want to have a custom 403 Forbidden page and a 404 Page Not Found. So, in conf/web.xml, I added this after the welcome-file-list block:

<error-page>
  <error-code>403</error-code>
  <location>/file_not_found.jsp</location>
</error-page>

<error-page>
  <error-code>404</error-code>
  <location>/file_not_found.jsp</location>
</error-page>


I have also put file_not_found.jsp into webapps/ROOT. It just looks like this:

<% response.setStatus(200); %>
<html>
<body>
There was a problem with your request, please try again
</body>
</html>


Before anyone gets excited, my company's security policy requires that error pages be sent using a 200 status code. Don't even get me started :(


Anyway, it works great if I try to access a page which doesn't exist: I get my custom page.

Now, I need to restrict Tomcat to respond only to requests that come internally from the same machine. Thus, in server.xml I put this inside the standalone engine config:

(existing)<Engine name="Standalone" defaultHost="localhost" debug="0">
(existing)
(added) <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>


Problem #1: Tomcat properly rejects any access from outside the machine, but Tomcat is only sending a blank page with a 403 status. I would have expected my error-page block to intercept 403's and turn them into whatever I wanted.

Problem #2: How can I get it so that any 30x, 40x, or 50x error that I choose will result in my custom error page, regardless of where those errors come from?

Thanks,

--Rob



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
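
The Referer header used as a post-login redirect target in the first message is supplied by the client, so a redirect built from it needs a same-origin check before use. The following is an added example, not code from the post or from Tomcat; the class name, method signature and sample host are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Hypothetical helper (not Tomcat code): pick a post-login target from the Referer header. */
public final class RefererRedirect {

    /**
     * Returns a server-relative path to redirect to after login. Falls back to the
     * context root unless the Referer is same-origin, inside this web application,
     * and not the login submission URL itself.
     */
    static String target(String referer, String scheme, String host, int port,
                         String contextPath) {
        String fallback = contextPath + "/";
        if (referer == null) {
            return fallback;                        // header absent (direct hit, privacy tools)
        }
        URI u;
        try {
            u = new URI(referer).normalize();       // rejects control chars, resolves "/../"
        } catch (URISyntaxException e) {
            return fallback;
        }
        int refPort = u.getPort() != -1 ? u.getPort() : defaultPort(u.getScheme());
        boolean sameOrigin = scheme.equalsIgnoreCase(u.getScheme())
                && host.equalsIgnoreCase(u.getHost()) && refPort == port;
        String path = u.getRawPath();
        if (!sameOrigin || path == null || path.startsWith("//")
                || !path.startsWith(contextPath + "/") || path.endsWith("/j_security_check")) {
            return fallback;                        // off-site, other app, or login loop
        }
        return u.getRawQuery() == null ? path : path + "?" + u.getRawQuery();
    }

    private static int defaultPort(String scheme) {
        return "https".equalsIgnoreCase(scheme) ? 443 : 80;
    }

    public static void main(String[] args) {
        String[] referers = {                       // constructed sample values
            "http://portal.example:8080/portal/home?tab=2",        // kept
            "http://other.example/portal/home",                    // different host
            "http://portal.example:8080/portal/../admin/",         // escapes the context
            "http://portal.example:8080/portal/j_security_check",  // login loop
            null };
        for (String r : referers) {
            System.out.println(r + " -> " + target(r, "http", "portal.example", 8080, "/portal"));
        }
    }
}
```

Only the first sample Referer is returned as a target; the others fall back to `/portal/`.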



