> -----Ursprüngliche Nachricht----- > Von: André Warnier [mailto:a...@ice-sa.com] > Gesendet: Dienstag, 3. April 2012 14:07 > An: Tomcat Users List > Betreff: Re: AW: FormAuthentication Valve changes fail with > RequestListeners? > > Thomas Strauß wrote: > ... > > >>> > >>> We have not succeeded so far. I want to give you some more > >>> information what happens, the context.xml and the web.xml > >>> > >>> What we have changed versus the existing setup, working on 7.0.11 > >>> - We have moved the login.jsp into the protection domain (was > >>> outside before). This did not remove the issue. > >>> - We have changed the preemptiveAuthentication setting. This did not > >>> remove the issue. > >>> > >>> This is the flow through the system that we can see: > >>> > >>> Client sends request to /portal > >>> > >>> /portal is not protected > >>> /portal/jsp/main.jsp is welcome page and protected (see > >>> web.xml) > >>> portal context configures formauthentication on the > >>> protection domain > >>> Tomcat redirects/forwards incoming call to /jsp/login.jsp > >>> (protected > >>> resource) > >>> > > I have not followed in the details, and maybe I am talking out of turn > here, but isn't there a "loop" problem if the login.jsp page is itself > protected ? > (Like it will trigger the authentication, which will trigger a redirect to > login.jsp, which will trigger the authentication, which will... etc.) >
there is no difference if the jsp is in or out of the protection domain. Actually we moved the jsp inside the domain following a hint from the list :-) > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
