Re: j_security_check

Sun, 03 Feb 2008 15:34:15 -0800

The second POST should still occur, but it should occur after the initial GET is recovered after authentication.
Your confusion is that you are seeing the 1st GET, when you expect (incorrectly) the POST. 


When you make the first request, you are not authenticated, which causes 
the 401 & the requirement for auth.  However, when you *do* successfully 
complete auth, you are then directed to the result of the initial 
request - which is a GET, with no params.



As Konstantin also explained, your first request could be the POST, 
complete with params, as that is where you will end up, after auth.



p



Ashok Venkat wrote:

Thanks for the detailed explanation, as you mentioned it seems that the second 
request is being ignored ,but i am not clear how come the original request is 
matching with the second request? The original is GET and the second one is 
POST? does tomcat compare just the URL strings?


----- Original Message ----
From: Konstantin Kolinko <[EMAIL PROTECTED]>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Sunday, February 3, 2008 9:39:41 AM
Subject: Re: j_security_check

You do

1) GET call

           int_result = httpClient.executeMethod( getMethod );

The server caches your request and returns html page that contains the
login form.

2) POST call

           postMethod = new PostMethod( 
"https://localhost:8444/j_security_check"; );
           int_result = httpClient.executeMethod( postMethod );

You imitate posting the login form. If the credentials are OK, tomcat answers
with a redirect to the original requested address (1).

response.sendRedirect(response.encodeRedirectURL(requestURI));

3) When the next request comes, its url is compared against the one
that was requested at the first time. If there is a match, the
_original_ request is restored and processed, but the current one is
ignored.

Thus your second POST is ignored and a cached copy of the first GET is
used instead.

You may want to look in the sources of
org.apache.catalina.authenticator.FormAuthenticator that does the
trick.

It is by design. I do not know what was wrong with 5.0 that your code
was working there.

You should change your code so that all the information be included
with the first call to TestServlet.

And the second call to the TestServlet can be changed to be a simple
GET, with no parameters. Or may be you can throw it away at all, if
you set "postMethod.setFollowRedirects(true);" on your post to
j_security_check.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


      
____________________________________________________________________________________

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to