https://issues.apache.org/bugzilla/show_bug.cgi?id=46902
Summary: LoginValve to bypass restrictions of j_security_check
Product: Tomcat 6
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=23408)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23408)
Patch-file for Tomcat's latest trunk
Implementation of the Valve interface forcing any request to protected
content to a pre-configured login-page if no valid session exists.
Since j_security_check always forwards to the last request after presenting
the credentials, it's sometimes annoying that after a session-timeout and
re-entering the credentials, the last URL requested often points to some
location which might be included in a website but should not be served on its
own (i.e. a graphics-file, some JavaScript, a CSS-file or similar).
This problem especially exists for websites using frames / iframes.
Within LoginValve, protected paths and their default redirect-paths after
successful authentication can be specified.
Example:
<Context>
  <Valve className="org.apache.catalina.valves.LoginValve"
         protectedPath="/foo/baar"
         redirectAfterAuth="/foo/index.html"/>
</Context>
In the example above there are two paths specified:
protectedPath - protected Path (recursive) having a default redirect
redirectAfterAuth - url to be displayed after successful authentication
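Added example, not the code from attachment 23408 and not part of Tomcat: one way a valve with the two attributes above could behave, so that the stock FORM authenticator ends up returning to the configured page instead of a stray sub-resource. The class name and the mechanism (redirecting session-less requests to redirectAfterAuth before the authenticator runs) are assumptions, as is redirectAfterAuth itself being covered by a security-constraint.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Hypothetical sketch of the behaviour described in the report.
public class LoginRedirectSketchValve extends ValveBase {

    private String protectedPath;      // e.g. "/foo/baar", matched recursively
    private String redirectAfterAuth;  // e.g. "/foo/index.html"

    // Called by Tomcat's digester for the attributes on the <Valve> element.
    public void setProtectedPath(String path) { this.protectedPath = path; }
    public void setRedirectAfterAuth(String path) { this.redirectAfterAuth = path; }

    // Segment-aware prefix test: "/foo/baar" covers "/foo/baar/x.css"
    // but not "/foo/baarista".
    static boolean isUnder(String path, String prefix) {
        if (prefix.length() > 1 && prefix.endsWith("/")) {
            prefix = prefix.substring(0, prefix.length() - 1);
        }
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Context-relative path of the request, taken from the decoded URI.
        String uri = request.getDecodedRequestURI();
        String path = uri.substring(request.getContextPath().length());
        boolean noSession = request.getSession(false) == null;

        if (noSession && protectedPath != null && redirectAfterAuth != null
                && isUnder(path, protectedPath)
                && !path.equals(redirectAfterAuth)) { // avoid a redirect loop
            // The target is built from the context path plus a configured
            // value, never from request data, so it stays inside this webapp.
            // The authenticator then saves this page as the "last request"
            // that j_security_check forwards to after login.
            response.sendRedirect(request.getContextPath() + redirectAfterAuth);
            return;
        }
        getNext().invoke(request, response);
    }
}
```

The sketch only changes where an unauthenticated browser lands; access control is still enforced by the web application's own security-constraint entries.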