The thing is not that I WANT to go to the welcome.jsp page; I want to go to
the Login.jsp page after a successful authentication, but it is,
/incorrectly/, going to the welcome.jsp page afterwards. Welcome.jsp is not
supposed to be secured, why would I want to put it in a "protected area"?
At 11:01 AM 2/5/2001 +0100, you wrote:
>Then ln the welcome.jsp file in a protected area. Or in windows copy it.
>
>Klaus
>
>-----Opprinnelig melding-----
>Fra: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
>Sendt: 3. februar 2001 01:58
>Til: Orion-Interest
>Emne: RE: Form Login bouncing me to welcome page!
>
>
>
>Well I don't want the welcome.jsp page to be secured; anyone should be able
>to view that file. But if someone tries to hit Login.jsp, I want him to
>have to log in before continuing.
>
>Do I still need welcome.jsp to be in a security constraint?
>
>
>At 08:30 AM 2/2/2001 -0500, you wrote:
> >there should have been a entry for welcome.jsp under <security-contraints>
> >for example:
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Unnamed</web-resource-name>
> > <url-pattern>/welcome.jsp</url-pattern>
> >
> > > -----Original Message-----
> > > From: Gerald Gutierrez [SMTP:[EMAIL PROTECTED]]
> > > Sent: Thursday, February 01, 2001 4:34 PM
> > > To: Orion-Interest
> > > Subject: Re: Form Login bouncing me to welcome page!
> > >
> > > I agree that is the correct sequence, but that is not what I get. Assume
>I
> > >
> > > have a welcome file defined called welcome.jsp.
> > >
> > > The sequence of events is:
> > >
> > > - User requests secured page /Login.jsp
> > > - User is redirected to LoginForm.jsp
> > > - User enters correct credentials
> > > - User is logged in
> > > - User is displayed the contents of welcome.jsp.
> > >
> > > OR:
> > >
> > > - User requests secured page /Login.jsp
> > > - User is redirected to LoginForm.jsp
> > > - User enters INCORRECT credentials
> > > - User is NOT logged in
> > > - User is STILL displayed the contents of welcome.jsp.
> > >
> > > I also had the case where I didn't have a welcome file defined, but had
> > > directory browsing enabled, and I get the directory contents after doing
> > > the above sequences. This doesn't seem right to me, but I can't figure
>out
> > >
> > > what is wrong.
> > >
> > > What can cause this?
> > >
> > > Gerald.
> > >
> > >
> > > At 09:30 AM 2/1/2001 -0700, you wrote:
> > > >The sequence of events is:
> > > > - The user requests a secured page (/Login.jsp, in your case).
> > > > - The server intercepts the request and redirects to the form-based
> > > > login page (LoginForm.jsp)
> > > > - If the user logs in successfully, the server allows the original
> > > > request to proceed (ie. Login.jsp is displayed).
> > > >
> > > >So if by "the welcome page" you mean the Login.jsp page, then that is
>as
> > > >expected. If you see something else, then this could possibly be the
> > > >result of something you do on that page (such as redirection).
> > > >
> > > >Nick
> > > >
> > > >At 10:19 PM 1/31/01 -0800, you wrote:
> > > >
> > > >>I've searched the mailing list, but there doesn't seem to be
>information
> > >
> > > >>on this. I'm a little desparate now.
> > > >>
> > > >>I'm using a form-based login for my web application. When a user hits
> > > >>Login.jsp, s/he must log in. I have the LoginForm.jsp and
>LoginError.jsp
> > >
> > > >>files in / of my context root. This redirection to the LoginForm.jsp
> > > does
> > > >>occur, but regardless of whether the user logged in successfully or
>not,
> > >
> > > >>he is dumped back to the welcome page. The actual logging in is
> > > >>successful, i.e. if he provided the correct credentials, he's logged
>in,
> > >
> > > >>but still dumped back to the welcome page.
> > > >>
> > > >>Here is the relevant portion of my web.xml:
> > > >>
> > > >> <security-constraint>
> > > >> <web-resource-collection>
> > > >> <web-resource-name>LoginTrigger</web-resource-name>
> > > >> <description>LoginTrigger</description>
> > > >> <url-pattern>/Login.jsp</url-pattern>
> > > >> <http-method>GET</http-method>
> > > >> <http-method>POST</http-method>
> > > >> </web-resource-collection>
> > > >> <auth-constraint>
> > > >> <role-name>portal_gamer</role-name>
> > > >> </auth-constraint>
> > > >> </security-constraint>
> > > >>
> > > >> <login-config>
> > > >> <auth-method>FORM</auth-method>
> > > >> <realm-name>default</realm-name>
> > > >> <form-login-config>
> > > >> <form-login-page>LoginForm.jsp</form-login-page>
> > > >> <form-error-page>LoginError.jsp</form-error-page>
> > > >> </form-login-config>
> > > >> </login-config>
> > > >>
> > > >> <security-role>
> > > >> <role-name>portal_gamer</role-name>
> > > >> </security-role>
> > > >>
> > > >>Which part of the magic am I missing?
> > > >
> > >
> > >
> > >
> >
> >---------------------------------------------------------------------------
>---
> >CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please
> >immediately notify the sender by e-mail at the address shown. This e-mail
> >transmission may contain confidential information. This information is
> >intended only for the use of the individual(s) or entity to whom it is
> >intended even if addressed incorrectly. Please delete it from your files
> >if you are not the intended recipient. Thank you for your compliance.
> >
> >++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
