I have defined two roles (admin, user):
<security-role>
    <role-name>user</role-name>
</security-role>
<security-role>
    <role-name>administrator</role-name>
</security-role>
Each of these roles needs to access separate modules in my webapp. To
achieve this, I have the following security-constraint entries in Tomcat web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authorized Access Area</web-resource-name>
        <url-pattern>/index.jsp</url-pattern>
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/error.jsp</url-pattern>
        <url-pattern>/app1/*</url-pattern>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authorized Access Area</web-resource-name>
        <url-pattern>/index.jsp</url-pattern>
        <url-pattern>/login.jsp</url-pattern>
        <url-pattern>/error.jsp</url-pattern>
        <url-pattern>/app2/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>administrator</role-name>
    </auth-constraint>
</security-constraint>
Consider the following steps:
1. Access context/app1/app1action.jsp URL
2. I get prompted for credentials
3. I log in as a normal user, and on successful login I get redirected to
the app1action.jsp page (desired behavior)
4. Now, I clear my cache and session authentication from the browser (Firefox)
5. Browse to some link in the app1action.jsp page pointing to some other page,
e.g. context/app1/anotherpage.jsp
6. Now I get prompted to log in again
7. On successful login, I expect to get redirected to
'anotherpage.jsp'. But instead it redirects me to the resources (JS / img /
css) that are included within 'anotherpage.jsp', e.g.
context/resources/sample.js or sample.css or sample.gif ...
I spent a couple of days googling this issue with no luck.
Can you please advise how to get properly redirected?
~ Many Thanks
--
View this message in context:
http://www.nabble.com/Tomcat-6.x-security-constraint-redirection-problem...-please-help%21-tp21448079p21448079.html
Sent from the Tomcat - User mailing list archive at Nabble.com.