This week's book giveaways are in the Jython/Python and Object-Oriented programming forums.
We're giving away four copies each of Machine Learning for Business: Using Amazon SageMaker and Jupyter and Object Design Style Guide and have the authors on-line!
See this thread and this one for details.
Win a copy of Machine Learning for Business: Using Amazon SageMaker and JupyterE this week in the Jython/Python forum
or Object Design Style Guide in the Object-Oriented programming forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Knute Snortum
Sheriffs:
  • Liutauras Vilda
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Joe Ess
  • salvin francis
  • fred rosenberger

Tomcat realm target URL

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all!

One question regarding Tomcat:

We are using an own implementation of the JDBC realm for authentication.
Now my question: Is it possible to configure a default target URL after a successful login process (like I know it from Spring Security)?
 
Saloon Keeper
Posts: 6079
154
Android Mac OS X Firefox Browser VI Editor Tomcat Server Safari
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It should redirect automatically to whichever URL was being accessed that was protected and for which the need for authentication arose.
 
Saloon Keeper
Posts: 21625
147
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch, Helge!

Personally, I don't like to force people to a specific page after login. It makes bookmarking secured pages difficult. However, within limits, it can be done.

First, this isn't just a Tomcat thing, it's any JEE container security managed webapp. So what works for Tomcat works also for WebSphere and Wildfly.

There is no such thing as a login event in JEE. That's because login isn't considered to be part of the app, but rather part of a possibly larger security environment such as Single Signon. In an SSO Realm, you could have done your actual login to a completely different application, but once you're in the realm you're also logged into Tomcat. In extreme cases, you could even get SSO from a user's Windows login. Note also that login isn't a separate URL request in JEE, it's a transparent interception of a normal URL request. So once logged in, the server's normal followup is to serve the original URL that triggered the login request.

So this isn't a foolproof solution that works at all times and in all places.

What you can do, however, is detect a change in login status when a webapp request is processed using a request listener.

A logged in user will always return the user login id when you invoke getRemoteUser(). If a user is not logged in, getRemoteUser() returns null, as does getUserPrincipal(). So when a user session exists you can define a session property to hold the user ID and when a URL request is made, check that property against the getRemoteUser() value. If the saved value is null and the getRemoteUser value is not, the user has just logged in. Save the remote user ID into the session and redirect the URL. Conversely, if the remote user ID becomes null, the user has been logged out. But at that point, the session will probably have been destroyed as well, so any session you see would likely be a new session.
 
Helge Wiemann
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Moores wrote:It should redirect automatically to whichever URL was being accessed that was protected and for which the need for authentication arose.



My problem is unfortunately the following:

The page before the login has the URL ...#index. After the login via the realm, he cuts off the #index which is necessary for me.
I cannot get control of this cut of. Therefore it would be great to tell the realm a real URL to go to
 
Tim Holloway
Saloon Keeper
Posts: 21625
147
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"#index" refers to a specific named anchor element on the target webpage, not the webpage itself. But as far as I'm aware, the entire URL - including parameters, references and appendages such as ";jsessionid" should have been cached by the login service and restored in its entirety.

Regardless, if you're going to the expected page, but losing the reference, you might work around that by having an onload javascript that jumps to the "index" anchor tag.
 
I'm so happy! And I wish to make this tiny ad happy too:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!