If I'm reading the steps correctly, this behavior is actually fully
spec-compliant.  This is the reason I don't use FORM-based login.

j_security_check is only required to be valid immediately after an
attempt to visit a secured page.  There is no provision to be able to
re-enter credentials from the failure page, and the Orion implementation
doesn't allow it.  The user must hit the back button :-(

Also, Orion performs a forward() rather than a redirect() when a
successful login does occur.  Thus the ugly url in the user's browser.
I logged bug #126 against this issue but it was denied :-)

Jeff

>-----Original Message-----
>From: gnoht orion [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 26, 2001 3:41 AM
>To: Orion-Interest
>Subject: Re: Orion FORM based authentication Configuraton problem
>
>
>ran into same problem, i think it's a bug in orion.
>just remove the j_security_check from your action
>field and login will still work, but correct url will
>show up. can't really understand why it works this
>way, hope it helps.
>
>-t
>
>
>--- cybermaster <[EMAIL PROTECTED]> wrote:
>> When I use % authentication (1.4.5, W2K Server, jdk1.3), I've got a couple of problems:
>> (1) Basic setup is: /Home.jsp, link to /secure/loginDummy.jsp
>> (2) User tries to get to /secure/loginDummy.jsp - Orion redirects to /login.jsp
>> (3) login correct works fine with /login.jsp - (browser shows /secure/dummyLogin as URL)
>> (4a) browser displays /secure/loginDummy.jsp - OK, but: - (browser shows /secure/j_security_check as URL)
>> BUT
>> (4b) if first login incorrect, Orion redirects to /loginError.jsp - (browser shows /secure/j_security_check as URL)
>> (5a) error again, page stays at /loginError.jsp - (browser shows /secure/j_security_check as URL)
>> (5b) user enters correct passwd - "ERROR 404 Not Found - Resource /formAuth/secure/j_security_check not found on this server"
>> somehow Orion forgets the correct URL (it shouldn't show j_security_check in the first place, I guess). The user is actually logged in, and can go to the /secure/* pages at this time.
>> Peter Saurugger
>> Everest eCommerce
>> [EMAIL PROTECTED]
>> 
>> 
>> 
>
>
>
>
