There should have been an entry for welcome.jsp under <security-constraint>,
for example:
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Unnamed</web-resource-name>
                        <url-pattern>/welcome.jsp</url-pattern>
                        
> -----Original Message-----
> From: Gerald Gutierrez [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, February 01, 2001 4:34 PM
> To:   Orion-Interest
> Subject:      Re: Form Login bouncing me to welcome page!
> 
> I agree that is the correct sequence, but that is not what I get. Assume I
> have a welcome file defined called welcome.jsp.
> 
> The sequence of events is:
> 
> - User requests secured page /Login.jsp
> - User is redirected to LoginForm.jsp
> - User enters correct credentials
> - User is logged in
> - User is displayed the contents of welcome.jsp.
> 
> OR:
> 
> - User requests secured page /Login.jsp
> - User is redirected to LoginForm.jsp
> - User enters INCORRECT credentials
> - User is NOT logged in
> - User is STILL displayed the contents of welcome.jsp.
> 
> I also had the case where I didn't have a welcome file defined, but had
> directory browsing enabled, and I get the directory contents after doing
> the above sequences. This doesn't seem right to me, but I can't figure out
> what is wrong.
> 
> What can cause this?
> 
> Gerald.
> 
> 
> At 09:30 AM 2/1/2001 -0700, you wrote:
> >The sequence of events is:
> >  - The user requests a secured page (/Login.jsp, in your case).
> >  - The server intercepts the request and redirects to the form-based 
> > login page (LoginForm.jsp)
> >  - If the user logs in successfully, the server allows the original 
> > request to proceed (ie. Login.jsp is displayed).
> >
> >So if by "the welcome page" you mean the Login.jsp page, then that is as 
> >expected.  If you see something else, then this could possibly be the 
> >result of something you do on that page (such as redirection).
> >
> >Nick
> >
> >At 10:19 PM 1/31/01 -0800, you wrote:
> >
> >>I've searched the mailing list, but there doesn't seem to be information
> >>on this. I'm a little desperate now.
> >>
> >>I'm using a form-based login for my web application. When a user hits
> >>Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp
> >>files in / of my context root. This redirection to the LoginForm.jsp does
> >>occur, but regardless of whether the user logged in successfully or not,
> >>he is dumped back to the welcome page. The actual logging in is
> >>successful, i.e. if he provided the correct credentials, he's logged in,
> >>but still dumped back to the welcome page.
> >>
> >>Here is the relevant portion of my web.xml:
> >>
> >>     <security-constraint>
> >>         <web-resource-collection>
> >>             <web-resource-name>LoginTrigger</web-resource-name>
> >>             <description>LoginTrigger</description>
> >>             <url-pattern>/Login.jsp</url-pattern>
> >>             <http-method>GET</http-method>
> >>             <http-method>POST</http-method>
> >>         </web-resource-collection>
> >>         <auth-constraint>
> >>             <role-name>portal_gamer</role-name>
> >>         </auth-constraint>
> >>     </security-constraint>
> >>
> >>     <login-config>
> >>         <auth-method>FORM</auth-method>
> >>         <realm-name>default</realm-name>
> >>         <form-login-config>
> >>             <form-login-page>LoginForm.jsp</form-login-page>
> >>             <form-error-page>LoginError.jsp</form-error-page>
> >>         </form-login-config>
> >>     </login-config>
> >>
> >>     <security-role>
> >>             <role-name>portal_gamer</role-name>
> >>     </security-role>
> >>
> >>Which part of the magic am I missing?
> >
> 
> 
> 

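The reply at the top of this thread suggests that welcome.jsp needs its own security-constraint entry. As an added example (not part of the original messages), this Python check parses a deployment descriptor and reports welcome files that no constraint with an `<auth-constraint>` covers. The `<welcome-file-list>` in the sample is an assumption, since the thread describes the welcome file but does not show that element, and the descriptor is assumed to be DTD-style with no XML namespace, as in the quoted web.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the thread, plus an assumed
# <welcome-file-list> naming welcome.jsp (described in the thread, not shown).
WEB_XML = """<web-app>
  <welcome-file-list><welcome-file>welcome.jsp</welcome-file></welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>LoginTrigger</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>portal_gamer</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def pattern_matches(pattern, path):
    """Servlet url-pattern forms: exact, '/prefix/*', '*.ext', default '/'."""
    if pattern == path or pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False


def protected_patterns(root):
    """Collect url-patterns from constraints that carry an <auth-constraint>."""
    patterns = []
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is not None:
            patterns += [p.text.strip() for p in sc.iter("url-pattern") if p.text]
    return patterns


def unprotected_welcome_files(xml_text):
    """Return welcome-file paths that no authenticated constraint covers."""
    root = ET.fromstring(xml_text)
    patterns = protected_patterns(root)
    missing = []
    for wf in root.iter("welcome-file"):
        path = "/" + wf.text.strip().lstrip("/")
        if not any(pattern_matches(p, path) for p in patterns):
            missing.append(path)
    return missing


if __name__ == "__main__":
    print(unprotected_welcome_files(WEB_XML))
```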