Tomcat realm target URL

 
Greenhorn
Posts: 2
Hi all!

One question regarding Tomcat:

We are using our own implementation of the JDBC realm for authentication.
Now my question: Is it possible to configure a default target URL after a successful login process (like I know it from Spring Security)?
 
Saloon Keeper
Posts: 6841
163
It should redirect automatically to whichever URL was being accessed that was protected and for which the need for authentication arose.
 
Saloon Keeper
Posts: 23272
158
Android Eclipse IDE Tomcat Server Redhat Java Linux
Welcome to the Ranch, Helge!

Personally, I don't like to force people to a specific page after login. It makes bookmarking secured pages difficult. However, within limits, it can be done.

First, this isn't just a Tomcat thing, it's any JEE container security managed webapp. So what works for Tomcat works also for WebSphere and Wildfly.

There is no such thing as a login event in JEE. That's because login isn't considered to be part of the app, but rather part of a possibly larger security environment such as Single Signon. In an SSO Realm, you could have done your actual login to a completely different application, but once you're in the realm you're also logged into Tomcat. In extreme cases, you could even get SSO from a user's Windows login. Note also that login isn't a separate URL request in JEE, it's a transparent interception of a normal URL request. So once logged in, the server's normal followup is to serve the original URL that triggered the login request.

So this isn't a foolproof solution that works at all times and in all places.

What you can do, however, is detect a change in login status when a webapp request is processed using a request listener.

A logged in user will always return the user login id when you invoke getRemoteUser(). If a user is not logged in, getRemoteUser() returns null, as does getUserPrincipal(). So when a user session exists you can define a session property to hold the user ID and when a URL request is made, check that property against the getRemoteUser() value. If the saved value is null and the getRemoteUser value is not, the user has just logged in. Save the remote user ID into the session and redirect the URL. Conversely, if the remote user ID becomes null, the user has been logged out. But at that point, the session will probably have been destroyed as well, so any session you see would likely be a new session.
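
The login-detection approach described in the post above, as an added example (not code from the thread or from Tomcat): it uses a servlet Filter instead of a request listener, because a filter has the response object needed to issue the redirect, and it assumes the javax.servlet API (jakarta.servlet on Tomcat 10 and later). The class name, the session attribute name and the `landingPath` init parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: redirects once per login to a fixed, configured page. */
public class PostLoginRedirectFilter implements Filter {   // hypothetical name
    private static final String SEEN_USER = "example.seenRemoteUser"; // hypothetical
    private String landingPath;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Context-relative target from web.xml, e.g. "/home" (hypothetical).
        String p = cfg.getInitParameter("landingPath");
        if (p == null || !p.startsWith("/") || p.startsWith("//")) {
            throw new ServletException("landingPath must be context-relative");
        }
        landingPath = p;
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser();            // null while not logged in
        if (user != null) {
            HttpSession session = req.getSession();   // created if absent (e.g. SSO)
            if (!user.equals(session.getAttribute(SEEN_USER))) {
                session.setAttribute(SEEN_USER, user); // first request after login
                if ("GET".equals(req.getMethod())) {   // never redirect away a POST
                    res.sendRedirect(res.encodeRedirectURL(
                            req.getContextPath() + landingPath));
                    return;
                }
            }
        }
        chain.doFilter(rq, rs);
    }

    @Override
    public void destroy() { }
}
```

Map the filter to the protected URL patterns in web.xml. The redirect target comes only from configuration, never from request data, so it cannot be turned into an open redirect.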
 
Helge Wiemann
Greenhorn
Posts: 2

Tim Moores wrote: It should redirect automatically to whichever URL was being accessed that was protected and for which the need for authentication arose.



My problem is unfortunately the following:

The page before the login has the URL ...#index. After the login via the realm, it cuts off the #index, which is necessary for me.
I cannot get control of this cut-off. Therefore it would be great to tell the realm a real URL to go to.
 
Tim Holloway
Saloon Keeper
Posts: 23272
158
Android Eclipse IDE Tomcat Server Redhat Java Linux
"#index" refers to a specific named anchor element on the target webpage, not the webpage itself. But as far as I'm aware, the entire URL - including parameters, references and appendages such as ";jsessionid" should have been cached by the login service and restored in its entirety.

Regardless, if you're going to the expected page, but losing the reference, you might work around that by having an onload JavaScript that jumps to the "index" anchor tag.
 