• Post Reply Bookmark Topic Watch Topic
  • New Topic

j_security_check query  RSS feed

 
Kev D'Arcy
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I have a "chicken and egg" type question about the JSP j_security_check
feature... I'm setting up a new Tomcat app and want to use the
j_security_check feature to manage user logins. I'm using a SQLServer (boo)
database as the backend user manager and have set up the appropriate Realms
in Tomcat. It all seems to be working tickety boo, until I come to the
question of navigation. I have my login page forms action set to
"j_security_check" which seems to be going off to SQLServer to handle the
login call, which seems to be validating my logins.

And now (at long last I hear you cry) to my question... How do I configure
my app/Tomcat to tell it what page to go to next? I can't do it in the JSP,
so that only leaves the web.xml or some other magical way. I suspect I'm
doing something stupid in my web.xml (see below). Any help on this would be
greatly apprectiated!

 
louise rochford
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Kev,
Don't know if this helps but what we did was:

- Set up a dummy html page as the welcome file.
- Have a rediect to a protected resource fire onload of the dummy welcome file. (This protected resource could be your 'welcome to my app' page.)
- Attempting to access the protecting resource makes the container's J2EE security handling kick in. It uses the values from your <form-login-config> to find out what page to display & where to go if theres an error.
(The user sees the login page, enters there details & submits the j_security_check request which is handled by the container.)
- If all goes well the container will then return the protected resource to the user.

I suspect that your current set up sends the container into a bit of a loop.
You've got it configured to show the Login page when the user first accesses the site, but on a successful login the container doesn't know where the user was trying to go when it displayed the login page - & probably displays the login page again.

hth, regards,
Louise
 
Kev D'Arcy
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Louise,

I managed to get around the problem by having the welcome page be a protected
resource, so when a browser tried to go to this page, it automaticaaly kicks
the browser to the login page. Once the login is completed, they end up at
the welcome page.

K
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!