« Bend, Oregon | Main | Browser/Plugin Detec... »
20021126 Tuesday November 26, 2002

Form-Based Authentication I posted the following message to the tomcat-user group yesterday:

On Tomcat 4/5, I am able to use the following configuration in my 
web.xml:

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp?error=true</form-error-page>
  </form-login-config>
</login-config>

However, I know that there are app servers out there that do not support
this - the form-error-page MUST be a different JSP.  So I'm wondering,
is there a value I can grab in my login.jsp that tells me the URL of the
protected resource the user is trying to get to?

I tried <%=request.getRequestURL()%>, but that gives me .../login.jsp -
and I am expecting welcome.do.

I know iPlanet used to set a cookie and I could use that as described
here.

Thanks,

Matt

Craig McClanahan responded with the following answer - which was just the information I was looking for:

There is no portable mechanism to acquire the request URL that was originally requested, nor any guarantee that this is even possible. All you know is that the container has detected that a protected URL was requested, and that there was no currently authenticated user.

So the lesson learned is that if you want to make your webapp portable across different app servers, use two separate pages for the login and login-error pages. Posted in Java at Nov 26 2002, 05:38:44 AM MST 2 Comments

Comments:

I'm not clear on how "you 'must' have a different login error page" relates to "what page was the user refused access to"? On a side-note, we use the BreadCrumbFilter in Roller to get the "what page did they ask for" information. It's rather a work-around, but I noticed Dave found a use for it elsewhere in Roller (I forget where).

Posted by Lance on November 26, 2002 at 08:43 AM MST #

Your posting saved me alot of trouble chasing dead-ends. Thanks :) I was having a similar problem using JRun 4 (my app is Struts-based). I solved it by calling request.getRequestURL() in my action class (i.e. before any forwards occur), and passing the value to a request attribute. I then retrieve the request attribute in my JSP page.

Posted by V. Bilton on February 12, 2003 at 01:06 PM MST #

Post a Comment:
  • HTML Syntax: Allowed