Re: Login.jsp Manipulation
Ok...with the help of Carey I have gotten to know the code a bit
better...but still need some help. Java variable nextPage is being set in
logon_common.jsp as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
Now...the URL that I am passing Mid-Tier is similar to this one
http:///arsys/servlet/ViewFormServlet?form=&server=&eid=
When I give it that URL and I have my login.jsp file set to
I go directly to the entry in question. My problem is that when I choose to
display the nextPage variable to the screen to see what it is it is always
"" no matter if I have used the above URL or gone directly to the Home page
or gone directly to the Login page...so it is using some value that I don't
currently know how to check. I have tried request.getParameter as well as
session.getAttributeanyone have any suggestions on how I can determine
if the login already has a goto?
-Original Message-
From: L. J. Head [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 09, 2007 12:24 PM
To: 'arslist@ARSLIST.ORG'
Subject: Login.jsp Manipulation
I, as most of us do, have users that bookmark the login screen
http:///arsys/shared/login.jsp
When they do that they get an error about not having all of the parameters
mapped, they click the 'return to home' button...re-login and they get to
the home page. I got sick of fielding these production support questions so
I came to the list and inquired about how to eliminate them. I was told
that if I change these two lines it would work grand
If you hard-code those two lines with values it works great...any time
anyone gets to the login page and login they go to the home pagewhich is
great with exception of hard coded URL's that are designed to take them to
specific entries instead of the home page. So I got the brilliant idea to
Check to see if nextPage is null...and if it is...set it to /arsys/home...if
not...let it be what it isbut there is the rub...I'm not a JavaScript
GURU to be able to do that...any suggestions?...I've tried several things I
found on the web for checking JSP variables via Javascript but none of them
seem able to properly return the current value of nextPage.
TIA
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Re: Login.jsp Manipulation
The nextPage variable is probably set on the form post action (i.e.,
when you click the login button). If you want to see the value of the
parameter, read it from the HttpServletRequest Parameter like this:
request.getParameter("goto")
For example, in your html you can simply add this somewhere in the
html to have it written to the page:
Goto Parameter: <%request.getParameter("goto")%>
If you are doing this just for debugging, the firebug plugin for
firefox will show you all the request and response data:
https://addons.mozilla.org/en-US/firefox/addon/1843
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
Ok...with the help of Carey I have gotten to know the code a bit
better...but still need some help. Java variable nextPage is being set in
logon_common.jsp as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
Now...the URL that I am passing Mid-Tier is similar to this one
http:///arsys/servlet/ViewFormServlet?form=&server=&eid=
When I give it that URL and I have my login.jsp file set to
I go directly to the entry in question. My problem is that when I choose to
display the nextPage variable to the screen to see what it is it is always
"" no matter if I have used the above URL or gone directly to the Home page
or gone directly to the Login page...so it is using some value that I don't
currently know how to check. I have tried request.getParameter as well as
session.getAttributeanyone have any suggestions on how I can determine
if the login already has a goto?
-Original Message-
From: L. J. Head [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 09, 2007 12:24 PM
To: 'arslist@ARSLIST.ORG'
Subject: Login.jsp Manipulation
I, as most of us do, have users that bookmark the login screen
http:///arsys/shared/login.jsp
When they do that they get an error about not having all of the parameters
mapped, they click the 'return to home' button...re-login and they get to
the home page. I got sick of fielding these production support questions so
I came to the list and inquired about how to eliminate them. I was told
that if I change these two lines it would work grand
If you hard-code those two lines with values it works great...any time
anyone gets to the login page and login they go to the home pagewhich is
great with exception of hard coded URL's that are designed to take them to
specific entries instead of the home page. So I got the brilliant idea to
Check to see if nextPage is null...and if it is...set it to /arsys/home...if
not...let it be what it isbut there is the rub...I'm not a JavaScript
GURU to be able to do that...any suggestions?...I've tried several things I
found on the web for checking JSP variables via Javascript but none of them
seem able to properly return the current value of nextPage.
TIA
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
Re: Login.jsp Manipulation
Something similar for IE7
http://www.microsoft.com/downloads/details.aspx?FamilyID=e59c3964-672d-4511-bb3e-2d5e1db91038&displaylang=en
--
Jarl
On 5/10/07, Axton <[EMAIL PROTECTED]> wrote:
The nextPage variable is probably set on the form post action (i.e.,
when you click the login button). If you want to see the value of the
parameter, read it from the HttpServletRequest Parameter like this:
request.getParameter("goto")
For example, in your html you can simply add this somewhere in the
html to have it written to the page:
Goto Parameter: <%request.getParameter("goto")%>
If you are doing this just for debugging, the firebug plugin for
firefox will show you all the request and response data:
https://addons.mozilla.org/en-US/firefox/addon/1843
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Ok...with the help of Carey I have gotten to know the code a bit
> better...but still need some help. Java variable nextPage is being set in
> logon_common.jsp as such
>
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
>
> Now...the URL that I am passing Mid-Tier is similar to this one
>
> http:///arsys/servlet/ViewFormServlet?form=&server= erver>&eid=
>
> When I give it that URL and I have my login.jsp file set to
>
>
>
> I go directly to the entry in question. My problem is that when I choose to
> display the nextPage variable to the screen to see what it is it is always
> "" no matter if I have used the above URL or gone directly to the Home page
> or gone directly to the Login page...so it is using some value that I don't
> currently know how to check. I have tried request.getParameter as well as
> session.getAttributeanyone have any suggestions on how I can determine
> if the login already has a goto?
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 09, 2007 12:24 PM
> To: 'arslist@ARSLIST.ORG'
> Subject: Login.jsp Manipulation
>
> I, as most of us do, have users that bookmark the login screen
>
> http:///arsys/shared/login.jsp
>
> When they do that they get an error about not having all of the parameters
> mapped, they click the 'return to home' button...re-login and they get to
> the home page. I got sick of fielding these production support questions so
> I came to the list and inquired about how to eliminate them. I was told
> that if I change these two lines it would work grand
>
> type="hidden" name="goto" value="<%=nextPage%>" >
>
> If you hard-code those two lines with values it works great...any time
> anyone gets to the login page and login they go to the home pagewhich is
> great with exception of hard coded URL's that are designed to take them to
> specific entries instead of the home page. So I got the brilliant idea to
> Check to see if nextPage is null...and if it is...set it to /arsys/home...if
> not...let it be what it isbut there is the rub...I'm not a JavaScript
> GURU to be able to do that...any suggestions?...I've tried several things I
> found on the web for checking JSP variables via Javascript but none of them
> seem able to properly return the current value of nextPage.
>
> TIA
>
>
___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
Re: Login.jsp Manipulation
Nice little tool, but it doesn't give you visibility to the request
and response data. Some that will work with IE that I've used are:
Fiddler: http://www.fiddlertool.com/fiddler/
IEWatch: http://www.iewatch.com/
Fiddler is a proxy that sits between your browser and any remote web
servers. It is free.
IEWatch is integrated to IE much like the MS tool, but is available
under a 30 day trial then they require cash.
Axton Grams
On 5/10/07, Jarl Grøneng <[EMAIL PROTECTED]> wrote:
Something similar for IE7
http://www.microsoft.com/downloads/details.aspx?FamilyID=e59c3964-672d-4511-bb3e-2d5e1db91038&displaylang=en
--
Jarl
On 5/10/07, Axton <[EMAIL PROTECTED]> wrote:
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the request and response data:
>
> https://addons.mozilla.org/en-US/firefox/addon/1843
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Ok...with the help of Carey I have gotten to know the code a bit
> > better...but still need some help. Java variable nextPage is being set in
> > logon_common.jsp as such
> >
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> >
> > Now...the URL that I am passing Mid-Tier is similar to this one
> >
> > http:///arsys/servlet/ViewFormServlet?form=&server= > erver>&eid=
> >
> > When I give it that URL and I have my login.jsp file set to
> >
> >
> >
> > I go directly to the entry in question. My problem is that when I choose to
> > display the nextPage variable to the screen to see what it is it is always
> > "" no matter if I have used the above URL or gone directly to the Home page
> > or gone directly to the Login page...so it is using some value that I don't
> > currently know how to check. I have tried request.getParameter as well as
> > session.getAttributeanyone have any suggestions on how I can determine
> > if the login already has a goto?
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, May 09, 2007 12:24 PM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: Login.jsp Manipulation
> >
> > I, as most of us do, have users that bookmark the login screen
> >
> > http:///arsys/shared/login.jsp
> >
> > When they do that they get an error about not having all of the parameters
> > mapped, they click the 'return to home' button...re-login and they get to
> > the home page. I got sick of fielding these production support questions so
> > I came to the list and inquired about how to eliminate them. I was told
> > that if I change these two lines it would work grand
> >
> > > type="hidden" name="goto" value="<%=nextPage%>" >
> >
> > If you hard-code those two lines with values it works great...any time
> > anyone gets to the login page and login they go to the home pagewhich is
> > great with exception of hard coded URL's that are designed to take them to
> > specific entries instead of the home page. So I got the brilliant idea to
> > Check to see if nextPage is null...and if it is...set it to /arsys/home...if
> > not...let it be what it isbut there is the rub...I'm not a JavaScript
> > GURU to be able to do that...any suggestions?...I've tried several things I
> > found on the web for checking JSP variables via Javascript but none of them
> > seem able to properly return the current value of nextPage.
> >
> > TIA
> >
> >
___
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
> >
>
>
___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers
Are"
Re: Login.jsp Manipulation
As you can see below
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
The java variable is being set from request.getParamater as you suggested.
In neither of the situations I have outlined is it ever anything other than
null. So request does not contain the value that the servlet uses. Any
other suggestions?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 8:42 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The nextPage variable is probably set on the form post action (i.e., when
you click the login button). If you want to see the value of the parameter,
read it from the HttpServletRequest Parameter like this:
request.getParameter("goto")
For example, in your html you can simply add this somewhere in the html to
have it written to the page:
Goto Parameter: <%request.getParameter("goto")%>
If you are doing this just for debugging, the firebug plugin for firefox
will show you all the request and response data:
https://addons.mozilla.org/en-US/firefox/addon/1843
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Ok...with the help of Carey I have gotten to know the code a bit
> better...but still need some help. Java variable nextPage is being
> set in logon_common.jsp as such
>
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
>
> Now...the URL that I am passing Mid-Tier is similar to this one
>
> http:///arsys/servlet/ViewFormServlet?form=&server= emedyS
> erver>&eid=
>
> When I give it that URL and I have my login.jsp file set to
>
>
>
> I go directly to the entry in question. My problem is that when I
> choose to display the nextPage variable to the screen to see what it
> is it is always "" no matter if I have used the above URL or gone
> directly to the Home page or gone directly to the Login page...so it
> is using some value that I don't currently know how to check. I have
> tried request.getParameter as well as session.getAttributeanyone
> have any suggestions on how I can determine if the login already has a
goto?
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 09, 2007 12:24 PM
> To: 'arslist@ARSLIST.ORG'
> Subject: Login.jsp Manipulation
>
> I, as most of us do, have users that bookmark the login screen
>
> http:///arsys/shared/login.jsp
>
> When they do that they get an error about not having all of the
> parameters mapped, they click the 'return to home' button...re-login
> and they get to the home page. I got sick of fielding these
> production support questions so I came to the list and inquired about
> how to eliminate them. I was told that if I change these two lines it
> would work grand
>
> type="hidden" name="goto" value="<%=nextPage%>" >
>
> If you hard-code those two lines with values it works great...any time
> anyone gets to the login page and login they go to the home
> pagewhich is great with exception of hard coded URL's that are
> designed to take them to specific entries instead of the home page.
> So I got the brilliant idea to Check to see if nextPage is null...and
> if it is...set it to /arsys/home...if not...let it be what it
> isbut there is the rub...I'm not a JavaScript GURU to be able to
> do that...any suggestions?...I've tried several things I found on the
> web for checking JSP variables via Javascript but none of them seem able
to properly return the current value of nextPage.
>
> TIA
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Re: Login.jsp Manipulation
Axton,
Thank you for the suggestion of Fiddlerit has helped me delve a bit
deeper. I now see that a cookie is being set in the header with line
Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
SoI now need to know how to browse the cookie that is being created and
check valuesany suggestions from anyone???
-Original Message-
From: L. J. Head [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 10, 2007 9:53 AM
To: 'arslist@ARSLIST.ORG'
Subject: RE: Login.jsp Manipulation
As you can see below
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
The java variable is being set from request.getParamater as you suggested.
In neither of the situations I have outlined is it ever anything other than
null. So request does not contain the value that the servlet uses. Any
other suggestions?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 8:42 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The nextPage variable is probably set on the form post action (i.e., when
you click the login button). If you want to see the value of the parameter,
read it from the HttpServletRequest Parameter like this:
request.getParameter("goto")
For example, in your html you can simply add this somewhere in the html to
have it written to the page:
Goto Parameter: <%request.getParameter("goto")%>
If you are doing this just for debugging, the firebug plugin for firefox
will show you all the request and response data:
https://addons.mozilla.org/en-US/firefox/addon/1843
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Ok...with the help of Carey I have gotten to know the code a bit
> better...but still need some help. Java variable nextPage is being
> set in logon_common.jsp as such
>
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
>
> Now...the URL that I am passing Mid-Tier is similar to this one
>
> http:///arsys/servlet/ViewFormServlet?form=&server= emedyS
> erver>&eid=
>
> When I give it that URL and I have my login.jsp file set to
>
>
>
> I go directly to the entry in question. My problem is that when I
> choose to display the nextPage variable to the screen to see what it
> is it is always "" no matter if I have used the above URL or gone
> directly to the Home page or gone directly to the Login page...so it
> is using some value that I don't currently know how to check. I have
> tried request.getParameter as well as session.getAttributeanyone
> have any suggestions on how I can determine if the login already has a
goto?
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 09, 2007 12:24 PM
> To: 'arslist@ARSLIST.ORG'
> Subject: Login.jsp Manipulation
>
> I, as most of us do, have users that bookmark the login screen
>
> http:///arsys/shared/login.jsp
>
> When they do that they get an error about not having all of the
> parameters mapped, they click the 'return to home' button...re-login
> and they get to the home page. I got sick of fielding these
> production support questions so I came to the list and inquired about
> how to eliminate them. I was told that if I change these two lines it
> would work grand
>
> type="hidden" name="goto" value="<%=nextPage%>" >
>
> If you hard-code those two lines with values it works great...any time
> anyone gets to the login page and login they go to the home
> pagewhich is great with exception of hard coded URL's that are
> designed to take them to specific entries instead of the home page.
> So I got the brilliant idea to Check to see if nextPage is null...and
> if it is...set it to /arsys/home...if not...let it be what it
> isbut there is the rub...I'm not a JavaScript GURU to be able to
> do that...any suggestions?...I've tried several things I found on the
> web for checking JSP variables via Javascript but none of them seem able
to properly return the current value of nextPage.
>
> TIA
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
Axton,
Thank you for the suggestion of Fiddlerit has helped me delve a bit
deeper. I now see that a cookie is being set in the header with line
Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
SoI now need to know how to browse the cookie that is being created and
check valuesany suggestions from anyone???
-Original Message-
From: L. J. Head [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 10, 2007 9:53 AM
To: 'arslist@ARSLIST.ORG'
Subject: RE: Login.jsp Manipulation
As you can see below
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
The java variable is being set from request.getParamater as you suggested.
In neither of the situations I have outlined is it ever anything other than
null. So request does not contain the value that the servlet uses. Any
other suggestions?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 8:42 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The nextPage variable is probably set on the form post action (i.e., when
you click the login button). If you want to see the value of the parameter,
read it from the HttpServletRequest Parameter like this:
request.getParameter("goto")
For example, in your html you can simply add this somewhere in the html to
have it written to the page:
Goto Parameter: <%request.getParameter("goto")%>
If you are doing this just for debugging, the firebug plugin for firefox
will show you all the request and response data:
https://addons.mozilla.org/en-US/firefox/addon/1843
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Ok...with the help of Carey I have gotten to know the code a bit
> better...but still need some help. Java variable nextPage is being
> set in logon_common.jsp as such
>
>String nextPage = (String)request.getParameter("goto");
>if (nextPage == null) {
> nextPage = "";
>}
>
> Now...the URL that I am passing Mid-Tier is similar to this one
>
> http:///arsys/servlet/ViewFormServlet?form=&server= emedyS
> erver>&eid=
>
> When I give it that URL and I have my login.jsp file set to
>
>
>
> I go directly to the entry in question. My problem is that when I
> choose to display the nextPage variable to the screen to see what it
> is it is always "" no matter if I have used the above URL or gone
> directly to the Home page or gone directly to the Login page...so it
> is using some value that I don't currently know how to check. I have
> tried request.getParameter as well as session.getAttributeanyone
> have any suggestions on how I can determine if the login already has a
goto?
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 09, 2007 12:24 PM
> To: 'arslist@ARSLIST.ORG'
> Subject: Login.jsp Manipulation
>
> I, as most of us do, have users that bookmark the login screen
>
> http:///arsys/shared/login.jsp
>
> When they do that they get an error about not having all of the
> parameters mapped, they click the 'return to home' button...re-login
> and they get to the home page. I got sick of fielding these
> production support questions so I came to the list and inquired about
> how to eliminate them. I was told that if I change these two lines it
> would work grand
>
> type="hidden" name="goto" value="<%=nextPage%>" >
>
> If you hard-code those two lines with values it works great...any time
> anyone gets to the login page and login they go to the home
> pagewhich is great with exception of hard coded URL's that are
> designed to take them to specific entries instead of the home page.
> So I got the brilliant idea to Check to see if nextPage is null...and
> if it is...set it to /arsys/home...if not...let it be what it
> isbut there is the rub...I'm not a JavaScript GURU to be able to
> do that...any suggestions?...I've tried several things I found on the
> web for checking JSP variables via Javascript but none of them seem able
to properly return the current value of nextPage.
>
> TIA
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
__
Re: Login.jsp Manipulation
Agreedbut I'm trying to figure out how to use the variable that Mid-Tier
already has
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 12:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Axton,
> Thank you for the suggestion of Fiddlerit has helped me delve a
> bit deeper. I now see that a cookie is being set in the header with
> line
>
> Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
>
> SoI now need to know how to browse the cookie that is being
> created and check valuesany suggestions from anyone???
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 10, 2007 9:53 AM
> To: 'arslist@ARSLIST.ORG'
> Subject: RE: Login.jsp Manipulation
>
> As you can see below
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> The java variable is being set from request.getParamater as you suggested.
> In neither of the situations I have outlined is it ever anything other
> than null. So request does not contain the value that the servlet
> uses. Any other suggestions?
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 8:42 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the request and response data:
>
> https://addons.mozilla.org/en-US/firefox/addon/1843
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Ok...with the help of Carey I have gotten to know the code a bit
> > better...but still need some help. Java variable nextPage is being
> > set in logon_common.jsp as such
> >
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> >
> > Now...the URL that I am passing Mid-Tier is similar to this one
> >
> > http:///arsys/servlet/ViewFormServlet?form=&server=
> > > emedyS
> > erver>&eid=
> >
> > When I give it that URL and I have my login.jsp file set to
> >
> >
> >
> > I go directly to the entry in question. My problem is that when I
> > choose to display the nextPage variable to the screen to see what it
> > is it is always "" no matter if I have used the above URL or gone
> > directly to the Home page or gone directly to the Login page...so it
> > is using some value that I don't currently know how to check. I
> > have tried request.getParameter as well as
> > session.getAttributeanyone have any suggestions on how I can
> > determine if the login already has a
> goto?
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, May 09, 2007 12:24 PM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: Login.jsp Manipulation
> >
> > I, as most of us do, have users that bookmark the login screen
> >
> > http:///arsys/shared/login.jsp
> >
> > When they do that they get an error about not having all of the
> > parameters mapped, they click the 'return to home' button...re-login
> > and they get to the home page. I got sick of fielding these
> > production support questions so I came to the list and inquired
> > about how to eliminate them. I was told that if I change these two
> > lines it would work grand
> >
> > > type="hidden" name="goto" value="<%=nextPage%>" >
> >
> > If you hard-code those two lines with values it works great...any
> &g
Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would
need to use the methods defined for the class of the object that
stores that information. You can look at the browser stats app for an
example of listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter
to write out the data, you will be able to see what is out there. It
may be stored this way.
I am not seeing anywhere in the request or response for each hit where
this information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
Agreedbut I'm trying to figure out how to use the variable that Mid-Tier
already has
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 12:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Axton,
> Thank you for the suggestion of Fiddlerit has helped me delve a
> bit deeper. I now see that a cookie is being set in the header with
> line
>
> Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
>
> SoI now need to know how to browse the cookie that is being
> created and check valuesany suggestions from anyone???
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 10, 2007 9:53 AM
> To: 'arslist@ARSLIST.ORG'
> Subject: RE: Login.jsp Manipulation
>
> As you can see below
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> The java variable is being set from request.getParamater as you suggested.
> In neither of the situations I have outlined is it ever anything other
> than null. So request does not contain the value that the servlet
> uses. Any other suggestions?
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 8:42 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the request and response data:
>
> https://addons.mozilla.org/en-US/firefox/addon/1843
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Ok...with the help of Carey I have gotten to know the code a bit
> > better...but still need some help. Java variable nextPage is being
> > set in logon_common.jsp as such
> >
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> >
> > Now...the URL that I am passing Mid-Tier is similar to this one
> >
> > http:///arsys/servlet/ViewFormServlet?form=&server=
> > > emedyS
> > erver>&eid=
> >
> > When I give it that URL and I have my login.jsp file set to
> >
> >
> >
> > I go directly to the entry in question. My problem is that when I
> > choose to display the nextPage variable to the screen to see what it
> > is it is always "" no matter if I have used the above URL or gone
> > directly to the Home page or gone directly to the Login page...so it
> > is using some value that I don't currently know how to check. I
> > have tried request.getParameter as well as
> > session.getAttributeanyone have any suggestions on how I can
> > determine if the login already has a
> goto?
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, May 09, 2007 12:24 PM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: Login.jsp Manipulation
> >
> > I, as most of us do, have users that bookmark the login screen
> >
> > http:///arsys/shared/login.jsp
> >
> > When th
Re: Login.jsp Manipulation
Okmaybe I'm making this harder for myself than I need tohere is my
goal...I can't possibly be the only one trying to do this
If accessing Mid-Tier Login page with no re-direct pre-defined I want to go
to the home page. If they are following a link that takes them somewhere
specific I want to allow them to go there...
I can't believe this isn't built into the product...but then again I've been
using it long enough I can believe that...does anyone have any suggestions
for that?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 1:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would need to
use the methods defined for the class of the object that stores that
information. You can look at the browser stats app for an example of
listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/
browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter to
write out the data, you will be able to see what is out there. It may be
stored this way.
I am not seeing anywhere in the request or response for each hit where this
information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Agreedbut I'm trying to figure out how to use the variable that
> Mid-Tier already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 12:20 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> If the url uses this format, you can get at the goto parameter:
>
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Axton,
> > Thank you for the suggestion of Fiddlerit has helped me delve a
> > bit deeper. I now see that a cookie is being set in the header with
> > line
> >
> > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> >
> > SoI now need to know how to browse the cookie that is being
> > created and check valuesany suggestions from anyone???
> >
> > -----Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 10, 2007 9:53 AM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: RE: Login.jsp Manipulation
> >
> > As you can see below
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > The java variable is being set from request.getParamater as you
suggested.
> > In neither of the situations I have outlined is it ever anything
> > other than null. So request does not contain the value that the
> > servlet uses. Any other suggestions?
> >
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> > Sent: Thursday, May 10, 2007 8:42 AM
> > To: arslist@ARSLIST.ORG
> > Subject: Re: Login.jsp Manipulation
> >
> > The nextPage variable is probably set on the form post action (i.e.,
> > when you click the login button). If you want to see the value of
> > the parameter, read it from the HttpServletRequest Parameter like this:
> >
> > request.getParameter("goto")
> >
> > For example, in your html you can simply add this somewhere in the
> > html to have it written to the page:
> >
> > Goto Parameter: <%request.getParameter("goto")%>
> >
> > If you are doing this just for debugging, the firebug plugin for
> > firefox will show you all the request and response data:
> >
> > https://addons.mozilla.org/en-US/firefox/addon/1843
> >
> > Axton Grams
> >
> > On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > > Ok...with the help of Carey I have gotten to know the code a bit
> > > better...but still need some help. Java variable nextPage is
> > > being set in logon_common.jsp as such
> > >
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > >
> > > Now...the URL that I am passing Mid-Tier is similar to this one
> > >
> > > http:///arsys/servlet/ViewFormServlet?form=&a
Re: Login.jsp Manipulation
Front your jsp engine with apache and use a combination of mod_rewrite and
mod_proxy to hide the real url?
I haven't gone there yet, but am about to...
-tony
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:14 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Okmaybe I'm making this harder for myself than I need tohere is my
goal...I can't possibly be the only one trying to do this
If accessing Mid-Tier Login page with no re-direct pre-defined I want to
go
to the home page. If they are following a link that takes them somewhere
specific I want to allow them to go there...
I can't believe this isn't built into the product...but then again I've
been
using it long enough I can believe that...does anyone have any suggestions
for that?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 1:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would need
to
use the methods defined for the class of the object that stores that
information. You can look at the browser stats app for an example of
listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/
browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter to
write out the data, you will be able to see what is out there. It may be
stored this way.
I am not seeing anywhere in the request or response for each hit where
this
information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Agreedbut I'm trying to figure out how to use the variable that
> Mid-Tier already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 12:20 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> If the url uses this format, you can get at the goto parameter:
>
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Axton,
> > Thank you for the suggestion of Fiddlerit has helped me delve a
> > bit deeper. I now see that a cookie is being set in the header with
> > line
> >
> > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> >
> > SoI now need to know how to browse the cookie that is being
> > created and check valuesany suggestions from anyone???
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 10, 2007 9:53 AM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: RE: Login.jsp Manipulation
> >
> > As you can see below
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > The java variable is being set from request.getParamater as you
suggested.
> > In neither of the situations I have outlined is it ever anything
> > other than null. So request does not contain the value that the
> > servlet uses. Any other suggestions?
> >
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> > Sent: Thursday, May 10, 2007 8:42 AM
> > To: arslist@ARSLIST.ORG
> > Subject: Re: Login.jsp Manipulation
> >
> > The nextPage variable is probably set on the form post action (i.e.,
> > when you click the login button). If you want to see the value of
> > the parameter, read it from the HttpServletRequest Parameter like
this:
> >
> > request.getParameter("goto")
> >
> > For example, in your html you can simply add this somewhere in the
> > html to have it written to the page:
> >
> > Goto Parameter: <%request.getParameter("goto")%>
> >
> > If you are doing this just for debugging, the firebug plugin for
> > firefox will show you all the request and response data:
> >
> > https://addons.mozilla.org/en-US/firefox/addon/1843
> >
> > Axton Grams
> >
> > On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > > Ok...with the help of Carey I have gotten to know the code a bit
> > > better...but still need
Re: Login.jsp Manipulation
Well, if your purpose is to hide a "bad" URL from being bookmarked, you
could make it appear that all the pages have a URL of
http://server/arsys/home -- or whatever you wanted for that matter. And
you could redirect from the logout page, right back to login.
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:27 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Honestly...that's above my head...but what would hiding the real URL from
the user do to tell me what the nextPage variable is?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Worthington
Sent: Friday, May 11, 2007 7:17 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Front your jsp engine with apache and use a combination of mod_rewrite and
mod_proxy to hide the real url?
I haven't gone there yet, but am about to...
-tony
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:14 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Okmaybe I'm making this harder for myself than I need tohere is my
goal...I can't possibly be the only one trying to do this
If accessing Mid-Tier Login page with no re-direct pre-defined I want to
go
to the home page. If they are following a link that takes them somewhere
specific I want to allow them to go there...
I can't believe this isn't built into the product...but then again I've
been
using it long enough I can believe that...does anyone have any suggestions
for that?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 1:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would need
to
use the methods defined for the class of the object that stores that
information. You can look at the browser stats app for an example of
listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/
browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter to
write out the data, you will be able to see what is out there. It may be
stored this way.
I am not seeing anywhere in the request or response for each hit where
this
information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Agreedbut I'm trying to figure out how to use the variable that
> Mid-Tier already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 12:20 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> If the url uses this format, you can get at the goto parameter:
>
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Axton,
> > Thank you for the suggestion of Fiddlerit has helped me delve a
> > bit deeper. I now see that a cookie is being set in the header with
> > line
> >
> > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> >
> > SoI now need to know how to browse the cookie that is being
> > created and check valuesany suggestions from anyone???
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 10, 2007 9:53 AM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: RE: Login.jsp Manipulation
> >
> > As you can see below
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > The java variable is being set from request.getParamater as you
suggested.
> > In neither of the situations I have outlined is it ever anything
> > other than null. So request does not contain the value that the
> > servlet uses. Any other suggestions?
> >
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> > Sent: Thursday, May 10, 2007 8:42 AM
> > To: arslist@ARSLIST.ORG
> > Subject: Re: Login.jsp Manipulation
> >
> > The nextPage v
Re: Login.jsp Manipulation
Honestly...that's above my head...but what would hiding the real URL from
the user do to tell me what the nextPage variable is?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Worthington
Sent: Friday, May 11, 2007 7:17 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Front your jsp engine with apache and use a combination of mod_rewrite and
mod_proxy to hide the real url?
I haven't gone there yet, but am about to...
-tony
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:14 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Okmaybe I'm making this harder for myself than I need tohere is my
goal...I can't possibly be the only one trying to do this
If accessing Mid-Tier Login page with no re-direct pre-defined I want to
go
to the home page. If they are following a link that takes them somewhere
specific I want to allow them to go there...
I can't believe this isn't built into the product...but then again I've
been
using it long enough I can believe that...does anyone have any suggestions
for that?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 1:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would need
to
use the methods defined for the class of the object that stores that
information. You can look at the browser stats app for an example of
listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/
browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter to
write out the data, you will be able to see what is out there. It may be
stored this way.
I am not seeing anywhere in the request or response for each hit where
this
information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Agreedbut I'm trying to figure out how to use the variable that
> Mid-Tier already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 12:20 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> If the url uses this format, you can get at the goto parameter:
>
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Axton,
> > Thank you for the suggestion of Fiddlerit has helped me delve a
> > bit deeper. I now see that a cookie is being set in the header with
> > line
> >
> > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> >
> > SoI now need to know how to browse the cookie that is being
> > created and check valuesany suggestions from anyone???
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 10, 2007 9:53 AM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: RE: Login.jsp Manipulation
> >
> > As you can see below
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > The java variable is being set from request.getParamater as you
suggested.
> > In neither of the situations I have outlined is it ever anything
> > other than null. So request does not contain the value that the
> > servlet uses. Any other suggestions?
> >
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> > Sent: Thursday, May 10, 2007 8:42 AM
> > To: arslist@ARSLIST.ORG
> > Subject: Re: Login.jsp Manipulation
> >
> > The nextPage variable is probably set on the form post action (i.e.,
> > when you click the login button). If you want to see the value of
> > the parameter, read it from the HttpServletRequest Parameter like
this:
> >
> > request.getParameter("goto")
> >
> > For example, in your html you can simply add this somewhere in the
> > html to have it written to the page:
> >
> > Goto Parameter: <%request.getParameter("goto")%>
> >
> > If you are doing this just for debugging, the firebug plugin for
Re: Login.jsp Manipulation
Okwell...that is certainly an approach I hadn't thought
aboutpreventing them from bookmarking the login page...now I see the
value in your approach.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Worthington
Sent: Friday, May 11, 2007 7:37 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Well, if your purpose is to hide a "bad" URL from being bookmarked, you
could make it appear that all the pages have a URL of
http://server/arsys/home -- or whatever you wanted for that matter. And you
could redirect from the logout page, right back to login.
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:27 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Honestly...that's above my head...but what would hiding the real URL from
the user do to tell me what the nextPage variable is?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Worthington
Sent: Friday, May 11, 2007 7:17 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Front your jsp engine with apache and use a combination of mod_rewrite and
mod_proxy to hide the real url?
I haven't gone there yet, but am about to...
-tony
--
Tony Worthington
[EMAIL PROTECTED]
262-703-5911
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/11/2007 08:14 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
Okmaybe I'm making this harder for myself than I need tohere is my
goal...I can't possibly be the only one trying to do this
If accessing Mid-Tier Login page with no re-direct pre-defined I want to
go
to the home page. If they are following a link that takes them somewhere
specific I want to allow them to go there...
I can't believe this isn't built into the product...but then again I've
been
using it long enough I can believe that...does anyone have any suggestions
for that?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 1:06 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
It may be a session attribute (server side), in which case you would need
to
use the methods defined for the class of the object that stores that
information. You can look at the browser stats app for an example of
listing the available session attributes:
http://arswiki.org/projects/browserstats/browser/trunk/java/src/org/arswiki/
browserstats/StatsServlet.java#L326
If you embed the enumeration in your jsp, then use a loop/printwriter to
write out the data, you will be able to see what is out there. It may be
stored this way.
I am not seeing anywhere in the request or response for each hit where
this
information is contained.
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Agreedbut I'm trying to figure out how to use the variable that
> Mid-Tier already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 12:20 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> If the url uses this format, you can get at the goto parameter:
>
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Axton,
> > Thank you for the suggestion of Fiddlerit has helped me delve a
> > bit deeper. I now see that a cookie is being set in the header with
> > line
> >
> > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> >
> > SoI now need to know how to browse the cookie that is being
> > created and check values....any suggestions from anyone???
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, May 10, 2007 9:53 AM
> > To: 'arslist@ARSLIST.ORG'
> > Subject: RE: Login.jsp Manipulation
> >
> > As you can see below
> > >String nextPage = (String)request.getParameter("goto");
> > >if (nextPage == null) {
> > > nextPage = "";
> > >}
> > The java variable is being set from request.getParamater as you
suggested.
> > In neither of the situations I have outlined is it ever anything
> > other than null. So request does not contain the v
Re: Login.jsp Manipulation
Sorry for jumping in late here but the Mid-Tier uses several variables
(depending on your style of url)
goto:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
form:
http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
mName
So something like the following may work
String parmTest1 = (String)request.getParameter("goto");
String parmTest2 = (String)request.getParameter("form");
String parmTest3 = (String)request.getParameter("server");
if (parmTest1 == null) AND (parmTest2 == null) AND (parmTest3 ==
null) {
document.forms["loginForm"].elements['goto'].value =
"/arsys/home";
}
Fred
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
Sent: Thursday, May 10, 2007 1:56 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Agreedbut I'm trying to figure out how to use the variable that
Mid-Tier already has
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 12:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Axton,
> Thank you for the suggestion of Fiddlerit has helped me delve a
> bit deeper. I now see that a cookie is being set in the header with
> line
>
> Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
>
> SoI now need to know how to browse the cookie that is being
> created and check valuesany suggestions from anyone???
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 10, 2007 9:53 AM
> To: 'arslist@ARSLIST.ORG'
> Subject: RE: Login.jsp Manipulation
>
> As you can see below
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> The java variable is being set from request.getParamater as you
suggested.
> In neither of the situations I have outlined is it ever anything other
> than null. So request does not contain the value that the servlet
> uses. Any other suggestions?
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 8:42 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the request and response data:
>
> https://addons.mozilla.org/en-US/firefox/addon/1843
>
> Axton Grams
>
> On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Ok...with the help of Carey I have gotten to know the code a bit
> > better...but still need some help. Java variable nextPage is being
> > set in logon_common.jsp as such
> >
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> >
> > Now...the URL that I am passing Mid-Tier is similar to this one
> >
> > http:///arsys/servlet/ViewFormServlet?form=&server=
> > > emedyS
> > erver>&eid=
> >
> > When I give it that URL and I have my login.jsp file set to
> >
> >
> >
> > I go directly to the entry in question. My problem is that when I
> > choose to display the nextPage variable to the screen to see what it
> > is it is always "" no matter if I have used the above URL or gone
> > directly to the Home page or gone directly to the Login page...so it
> > is using some value that I don't currently know how to check. I
> > have tried request.getParameter as well as
> > session.getAttributeanyone have any suggestions on how I can
> > determine if the login already has a
> goto?
> >
> > -Original Message-
> > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > Sent:
Re: Login.jsp Manipulation
Ok...the exact code I put into login.jsp was
<%
String parmTest1 = (String)request.getParameter("goto");
String parmTest2 = (String)request.getParameter("form");
String parmTest3 = (String)request.getParameter("server");
if ((parmTest1 == null) && (parmTest2 == null) && (parmTest3 == null)) {
out.print("Gotta Do Something");
}
%>
The URL passed was
http://webserver/arsys/servlet/ViewFormServlet?form=form&server=remserver&ei
d=eid
The results as expected was that all 3 values were blank...and it printed
"Gotta Do Something" on the form. The fact that even after it printed that
on the screen and it still after login took me to the record means that when
I went to the ViewFormServlet it took the parameters and stored them
somewhere...I think it's storing them in a cookie...but I know nothing about
cookies...so I don't know how to retrieve that information...if that is in
fact where it is storing it. If it's storing it in the servlet as a
variable I don't know how to get at that either.
What I'm hoping for is that this will intrigue someone with more skill in
this area enough to actually go out and figure this out...please?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
Sent: Friday, May 11, 2007 8:18 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Sorry for jumping in late here but the Mid-Tier uses several variables
(depending on your style of url)
goto:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
form:
http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
mName
So something like the following may work
String parmTest1 = (String)request.getParameter("goto");
String parmTest2 = (String)request.getParameter("form");
String parmTest3 = (String)request.getParameter("server");
if (parmTest1 == null) AND (parmTest2 == null) AND (parmTest3 ==
null) {
document.forms["loginForm"].elements['goto'].value =
"/arsys/home";
}
Fred
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
Sent: Thursday, May 10, 2007 1:56 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Agreedbut I'm trying to figure out how to use the variable that Mid-Tier
already has
-Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 12:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Axton,
> Thank you for the suggestion of Fiddlerit has helped me delve a
> bit deeper. I now see that a cookie is being set in the header with
> line
>
> Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
>
> SoI now need to know how to browse the cookie that is being
> created and check valuesany suggestions from anyone???
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 10, 2007 9:53 AM
> To: 'arslist@ARSLIST.ORG'
> Subject: RE: Login.jsp Manipulation
>
> As you can see below
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> The java variable is being set from request.getParamater as you
suggested.
> In neither of the situations I have outlined is it ever anything other
> than null. So request does not contain the value that the servlet
> uses. Any other suggestions?
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 8:42 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the request and response data:
>
> https://addons.mozilla.org/
Re: Login.jsp Manipulation
Lemme see what I can turn up.
Axton Grams
On 5/11/07, L. J. Head <[EMAIL PROTECTED]> wrote:
Ok...the exact code I put into login.jsp was
<%
String parmTest1 = (String)request.getParameter("goto");
String parmTest2 = (String)request.getParameter("form");
String parmTest3 = (String)request.getParameter("server");
if ((parmTest1 == null) && (parmTest2 == null) && (parmTest3 == null)) {
out.print("Gotta Do Something");
}
%>
The URL passed was
http://webserver/arsys/servlet/ViewFormServlet?form=form&server=remserver&ei
d=eid
The results as expected was that all 3 values were blank...and it printed
"Gotta Do Something" on the form. The fact that even after it printed that
on the screen and it still after login took me to the record means that when
I went to the ViewFormServlet it took the parameters and stored them
somewhere...I think it's storing them in a cookie...but I know nothing about
cookies...so I don't know how to retrieve that information...if that is in
fact where it is storing it. If it's storing it in the servlet as a
variable I don't know how to get at that either.
What I'm hoping for is that this will intrigue someone with more skill in
this area enough to actually go out and figure this out...please?
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
Sent: Friday, May 11, 2007 8:18 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Sorry for jumping in late here but the Mid-Tier uses several variables
(depending on your style of url)
goto:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
form:
http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
mName
So something like the following may work
String parmTest1 = (String)request.getParameter("goto");
String parmTest2 = (String)request.getParameter("form");
String parmTest3 = (String)request.getParameter("server");
if (parmTest1 == null) AND (parmTest2 == null) AND (parmTest3 ==
null) {
document.forms["loginForm"].elements['goto'].value =
"/arsys/home";
}
Fred
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
Sent: Thursday, May 10, 2007 1:56 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
Agreedbut I'm trying to figure out how to use the variable that Mid-Tier
already has
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Thursday, May 10, 2007 12:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
If the url uses this format, you can get at the goto parameter:
http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
Axton Grams
On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Axton,
> Thank you for the suggestion of Fiddlerit has helped me delve a
> bit deeper. I now see that a cookie is being set in the header with
> line
>
> Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
>
> SoI now need to know how to browse the cookie that is being
> created and check values....any suggestions from anyone???
>
> -Original Message-
> From: L. J. Head [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 10, 2007 9:53 AM
> To: 'arslist@ARSLIST.ORG'
> Subject: RE: Login.jsp Manipulation
>
> As you can see below
> >String nextPage = (String)request.getParameter("goto");
> >if (nextPage == null) {
> > nextPage = "";
> >}
> The java variable is being set from request.getParamater as you
suggested.
> In neither of the situations I have outlined is it ever anything other
> than null. So request does not contain the value that the servlet
> uses. Any other suggestions?
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> Sent: Thursday, May 10, 2007 8:42 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> The nextPage variable is probably set on the form post action (i.e.,
> when you click the login button). If you want to see the value of the
> parameter, read it from the HttpServletRequest Parameter like this:
>
> request.getParameter("goto")
>
> For example, in your html you can simply add this somewhere in the
> html to have it written to the page:
>
> Goto Parameter: <%request.getParameter("goto")%>
>
> If you are doing this just for debugging, the firebug plugin for
> firefox will show you all the r
Re: Login.jsp Manipulation
Ok, here's what I see.
I modified the login.jsp to print the session attributes in a table
field. This is what I saw:
Attribute Name Class Name Value
returnBack class java.lang.String /arsys/forms/arsdev/User
arsys_login_nameclass java.lang.String
arsys_login_msg class java.lang.String
arsdev is the name of my remedy server. You should be able to go from
here, parse the values as you need to return what you want to see.
The returnBack session attribute stores to where the user will be
redirected.
Here is a diff of the login.jsp for the changes I made to see what was
out there:
--- login.jsp.original 2007-05-11 17:04:54.0 -0400
+++ login.jsp 2007-05-11 17:26:52.0 -0400
@@ -50,6 +50,9 @@
<%@ page import="com.remedy.arsys.share.MessageTranslation" %>
<%@ page import="com.remedy.arsys.config.Configuration" %>
<%@ page import="com.remedy.arsys.session.Params" %>
+<%@ page import="java.util.Enumeration" %>
+<%@ page import="javax.servlet.http.HttpSession" %>
+
@@ -83,6 +86,31 @@
+
+
+Attribute Name
+Class Name
+Value
+
+
+<% String sattr; %>
+<% String className; %>
+<% String value; %>
+
+<% for (Enumeration sattrs = session.getAttributeNames();
sattrs.hasMoreElements();) { %>
+<% sattr = (String)sattrs.nextElement(); %>
+<% className = session.getAttribute(sattr).getClass().toString(); %>
+<% value = session.getAttribute(sattr).toString(); %>
+
+<%= sattr %>
+<%= className %>
+<%= value %>
+
+<% } %>
+
+
+
+
Axton Grams
On 5/11/07, Axton <[EMAIL PROTECTED]> wrote:
Lemme see what I can turn up.
Axton Grams
On 5/11/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> Ok...the exact code I put into login.jsp was
>
> <%
>String parmTest1 = (String)request.getParameter("goto");
>String parmTest2 = (String)request.getParameter("form");
>String parmTest3 = (String)request.getParameter("server");
>if ((parmTest1 == null) && (parmTest2 == null) && (parmTest3 == null)) {
>
> out.print("Gotta Do Something");
>}
> %>
>
> The URL passed was
>
> http://webserver/arsys/servlet/ViewFormServlet?form=form&server=remserver&ei
> d=eid
>
> The results as expected was that all 3 values were blank...and it printed
> "Gotta Do Something" on the form. The fact that even after it printed that
> on the screen and it still after login took me to the record means that when
> I went to the ViewFormServlet it took the parameters and stored them
> somewhere...I think it's storing them in a cookie...but I know nothing about
> cookies...so I don't know how to retrieve that information...if that is in
> fact where it is storing it. If it's storing it in the servlet as a
> variable I don't know how to get at that either.
>
> What I'm hoping for is that this will intrigue someone with more skill in
> this area enough to actually go out and figure this out...please?
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
> Sent: Friday, May 11, 2007 8:18 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> Sorry for jumping in late here but the Mid-Tier uses several variables
> (depending on your style of url)
>
> goto:
> http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
>
> form:
> http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
> mName
>
>
> So something like the following may work
>
>String parmTest1 = (String)request.getParameter("goto");
>String parmTest2 = (String)request.getParameter("form");
>String parmTest3 = (String)request.getParameter("server");
>if (parmTest1 == null) AND (parmTest2 == null) AND (parmTest3 ==
> null) {
> document.forms["loginForm"].elements['goto'].value =
> "/arsys/home";
>}
>
>
> Fred
>
>
> -Original Message-----
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
> Sent: Thursday, May 10, 2007 1:56 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: Login.jsp Manipulation
>
> Agreedbut I'm trying to figure out how to use the variable that Mid-Tier
> already has
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:[EMAIL PROTECTED]
Re: Login.jsp Manipulation
As a summary, you should be able to add the following lines and get
what you want:
<%@ page import="javax.servlet.http.HttpSession" %>
...
<%= session.getAttribute("returnBack").toString(); %>
The first line imports the class necessary to read the session attributes.
The second line prints the value of the "returnBack" session attribute.
Add the import with the other imports in login.jsp
Add the second line wherever you want to print the value.
Axton Grams
On 5/11/07, Axton <[EMAIL PROTECTED]> wrote:
Ok, here's what I see.
I modified the login.jsp to print the session attributes in a table
field. This is what I saw:
Attribute Name Class Name Value
returnBack class java.lang.String /arsys/forms/arsdev/User
arsys_login_nameclass java.lang.String
arsys_login_msg class java.lang.String
arsdev is the name of my remedy server. You should be able to go from
here, parse the values as you need to return what you want to see.
The returnBack session attribute stores to where the user will be
redirected.
Here is a diff of the login.jsp for the changes I made to see what was
out there:
--- login.jsp.original 2007-05-11 17:04:54.0 -0400
+++ login.jsp 2007-05-11 17:26:52.0 -0400
@@ -50,6 +50,9 @@
<%@ page import="com.remedy.arsys.share.MessageTranslation" %>
<%@ page import="com.remedy.arsys.config.Configuration" %>
<%@ page import="com.remedy.arsys.session.Params" %>
+<%@ page import="java.util.Enumeration" %>
+<%@ page import="javax.servlet.http.HttpSession" %>
+
@@ -83,6 +86,31 @@
+
+
+Attribute Name
+Class Name
+Value
+
+
+<% String sattr; %>
+<% String className; %>
+<% String value; %>
+
+<% for (Enumeration sattrs = session.getAttributeNames();
sattrs.hasMoreElements();) { %>
+<% sattr = (String)sattrs.nextElement(); %>
+<% className = session.getAttribute(sattr).getClass().toString(); %>
+<% value = session.getAttribute(sattr).toString(); %>
+
+<%= sattr %>
+<%= className %>
+<%= value %>
+
+<% } %>
+
+
+
+
Axton Grams
On 5/11/07, Axton <[EMAIL PROTECTED]> wrote:
> Lemme see what I can turn up.
>
> Axton Grams
>
> On 5/11/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > Ok...the exact code I put into login.jsp was
> >
> > <%
> >String parmTest1 = (String)request.getParameter("goto");
> >String parmTest2 = (String)request.getParameter("form");
> >String parmTest3 = (String)request.getParameter("server");
> >if ((parmTest1 == null) && (parmTest2 == null) && (parmTest3 == null)) {
> >
> > out.print("Gotta Do Something");
> >}
> > %>
> >
> > The URL passed was
> >
> > http://webserver/arsys/servlet/ViewFormServlet?form=form&server=remserver&ei
> > d=eid
> >
> > The results as expected was that all 3 values were blank...and it printed
> > "Gotta Do Something" on the form. The fact that even after it printed that
> > on the screen and it still after login took me to the record means that when
> > I went to the ViewFormServlet it took the parameters and stored them
> > somewhere...I think it's storing them in a cookie...but I know nothing about
> > cookies...so I don't know how to retrieve that information...if that is in
> > fact where it is storing it. If it's storing it in the servlet as a
> > variable I don't know how to get at that either.
> >
> > What I'm hoping for is that this will intrigue someone with more skill in
> > this area enough to actually go out and figure this out...please?
> > -Original Message-
> > From: Action Request System discussion list(ARSList)
> > [mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
> > Sent: Friday, May 11, 2007 8:18 AM
> > To: arslist@ARSLIST.ORG
> > Subject: Re: Login.jsp Manipulation
> >
> > Sorry for jumping in late here but the Mid-Tier uses several variables
> > (depending on your style of url)
> >
> > goto:
> > http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
> >
> > form:
> > http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
> > mName
> >
> >
> > So something like the following may work
> >
> > String parmTest1 = (String)request.getParameter("goto");
> >String parmTest2 = (String)requ
Re: Login.jsp Manipulation
t;
> > On 5/11/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > > Ok...the exact code I put into login.jsp was
> > >
> > > <%
> > >String parmTest1 = (String)request.getParameter("goto");
> > >String parmTest2 = (String)request.getParameter("form");
> > >String parmTest3 = (String)request.getParameter("server");
> > >if ((parmTest1 == null) && (parmTest2 == null) && (parmTest3 == null))
{
> > >
> > > out.print("Gotta Do Something");
> > >}
> > > %>
> > >
> > > The URL passed was
> > >
> > >
http://webserver/arsys/servlet/ViewFormServlet?form=form&server=remserver&ei
> > > d=eid
> > >
> > > The results as expected was that all 3 values were blank...and it printed
> > > "Gotta Do Something" on the form. The fact that even after it printed
that
> > > on the screen and it still after login took me to the record means that
when
> > > I went to the ViewFormServlet it took the parameters and stored them
> > > somewhere...I think it's storing them in a cookie...but I know nothing
about
> > > cookies...so I don't know how to retrieve that information...if that is in
> > > fact where it is storing it. If it's storing it in the servlet as a
> > > variable I don't know how to get at that either.
> > >
> > > What I'm hoping for is that this will intrigue someone with more skill in
> > > this area enough to actually go out and figure this out...please?
> > > -Original Message-
> > > From: Action Request System discussion list(ARSList)
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Grooms, Frederick W
> > > Sent: Friday, May 11, 2007 8:18 AM
> > > To: arslist@ARSLIST.ORG
> > > Subject: Re: Login.jsp Manipulation
> > >
> > > Sorry for jumping in late here but the Mid-Tier uses several variables
> > > (depending on your style of url)
> > >
> > > goto:
> > > http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
> > >
> > > form:
> > > http://WebServer/arsys/servlet/ViewFormServlet?server=ArsServer&form=For
> > > mName
> > >
> > >
> > > So something like the following may work
> > >
> > >String parmTest1 = (String)request.getParameter("goto");
> > >String parmTest2 = (String)request.getParameter("form");
> > >String parmTest3 = (String)request.getParameter("server");
> > >if (parmTest1 == null) AND (parmTest2 == null) AND (parmTest3 ==
> > > null) {
> > > document.forms["loginForm"].elements['goto'].value =
> > > "/arsys/home";
> > >}
> > >
> > >
> > > Fred
> > >
> > >
> > > -Original Message-
> > > From: Action Request System discussion list(ARSList)
> > > [mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
> > > Sent: Thursday, May 10, 2007 1:56 PM
> > > To: arslist@ARSLIST.ORG
> > > Subject: Re: Login.jsp Manipulation
> > >
> > > Agreedbut I'm trying to figure out how to use the variable that
Mid-Tier
> > > already has
> > >
> > > -Original Message-
> > > From: Action Request System discussion list(ARSList)
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Axton
> > > Sent: Thursday, May 10, 2007 12:20 PM
> > > To: arslist@ARSLIST.ORG
> > > Subject: Re: Login.jsp Manipulation
> > >
> > > If the url uses this format, you can get at the goto parameter:
> > >
> > > http://server/arsys/shared/login.jsp?goto=/arsys/forms/server/FormName
> > >
> > > Axton Grams
> > >
> > > On 5/10/07, L. J. Head <[EMAIL PROTECTED]> wrote:
> > > > Axton,
> > > > Thank you for the suggestion of Fiddlerit has helped me delve a
> > > > bit deeper. I now see that a cookie is being set in the header with
> > > > line
> > > >
> > > > Set-Cookie: JSESSIONID=kefXv3yqCvOtNdzkZA6NbPrqCds; path=/arsys
> > > >
> > > > SoI now need to know how to browse the cookie that is being
> > > > created and check valuesany suggestions from anyone???
> > > >
> > > > -Original Message-
> > > > From: L. J. Head [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, May 10, 2007 9
Re: Login.jsp Manipulation
Hello, I was explaining this problem to a UK Remedy customer only on Friday. Frankly, the entire "redirect to /shared/login/login.jsp" logic is utterly bizarre and I can only assume that a newbie was given the task of writing this bit of the Midtier. Clearly, if one goes to /arsys/home and is not logged in, a login page should be presented without a browser redirect. However, onto the matter in hand, can we establish if the goto parameter is set when a user goes directly to a form entry? I.e. go to a form entry when you're not logged in, and when presented with the login page, paste the contents of the form. Once you've done that we can address the problem in more detail (as we don't appear to have established this yet). John Java System Solutions : http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I imagine they left the login page jsp during the 601->63 rewrite so that customers could alter it. If the page were served from a servlet, we wouldn't have any place to customize the layout/fields unless we had the source to said servlet, or some other funny hooks were there to take the place of login.jsp. Axton Grams On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote: Hello, I was explaining this problem to a UK Remedy customer only on Friday. Frankly, the entire "redirect to /shared/login/login.jsp" logic is utterly bizarre and I can only assume that a newbie was given the task of writing this bit of the Midtier. Clearly, if one goes to /arsys/home and is not logged in, a login page should be presented without a browser redirect. However, onto the matter in hand, can we establish if the goto parameter is set when a user goes directly to a form entry? I.e. go to a form entry when you're not logged in, and when presented with the login page, paste the contents of the form. Once you've done that we can address the problem in more detail (as we don't appear to have established this yet). John Java System Solutions : http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are" ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Login.jsp Manipulation
In reading the thread I think you have the problem backwards John. The problem was not if a user goes to /arsys/home that they get the login prompt, it was if a user bookmarks (or goes to) the login page /arsys/shared/login.jsp with no parameters for a form then they should be redirected to the home page after logging in. (to prevent the "Web page, user, and/or server name(s) must be provided" error). Fred -Original Message- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of John Baker Sent: Sunday, May 13, 2007 4:47 PM To: arslist@ARSLIST.ORG Subject: Re: Login.jsp Manipulation Hello, I was explaining this problem to a UK Remedy customer only on Friday. Frankly, the entire "redirect to /shared/login/login.jsp" logic is utterly bizarre and I can only assume that a newbie was given the task of writing this bit of the Midtier. Clearly, if one goes to /arsys/home and is not logged in, a login page should be presented without a browser redirect. However, onto the matter in hand, can we establish if the goto parameter is set when a user goes directly to a form entry? I.e. go to a form entry when you're not logged in, and when presented with the login page, paste the contents of the form. Once you've done that we can address the problem in more detail (as we don't appear to have established this yet). John Java System Solutions : http://www.javasystemsolutions.com ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
Re: Login.jsp Manipulation
As with most things I went through several iterations before I found the
eventual solution. I will document it here for posterity sake.
When you access the Mid-Tier sever with a redirect in the URL or are
redirected by a servlet it goes into one of two variables. Request.nextPage
(if you use the goto parameter) or session.returnBack (if you went to
/arsys/home for example). In the login.jsp there is a hidden input field
named goto that by default value of <%=nextPage%>. Through the assistance
of Carey and Axton I was able to modify my login_common.jsp file. The
default line was
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
All that this section of code does is ensure that the nextPage variable is
not null. I have modified my lines to be as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
String returnBack = (String)session.getAttribute("returnBack");
if (returnBack == null) {
nextPage = "/arsys/home";
} else {
nextPage = "";
}
}
What this does is if nextPage is null it then checks to see if the hidden
session variable 'returnBack' is also null. If both variables are null you
will get an error on the home page stating that it doesn't know where to go.
So if both are null I set the nextPage variable to /arsys/home, if
returnBack is not null...I just continue the default behavior of setting
nextPage = "". This effectively allows people to bookmark the login.jsp
page without getting errors. It also allows for direct link URL's to allow
the user to get directly to their record.
I would like to thank the community once again for helping me solve yet
another issue.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Sunday, May 13, 2007 5:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I imagine
they left the login page jsp during the 601->63 rewrite so that customers
could alter it. If the page were served from a servlet, we wouldn't have
any place to customize the layout/fields unless we had the source to said
servlet, or some other funny hooks were there to take the place of
login.jsp.
Axton Grams
On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was explaining this problem to a UK Remedy customer only on Friday.
> Frankly, the entire "redirect to /shared/login/login.jsp" logic is
> utterly bizarre and I can only assume that a newbie was given the task
> of writing this bit of the Midtier. Clearly, if one goes to
> /arsys/home and is not logged in, a login page should be presented without
a browser redirect.
>
> However, onto the matter in hand, can we establish if the goto
> parameter is set when a user goes directly to a form entry? I.e. go to
> a form entry when you're not logged in, and when presented with the
> login page, paste the contents of the form. Once you've done that we
> can address the problem in more detail (as we don't appear to have
established this yet).
>
>
>
> John
>
> Java System Solutions : http://www.javasystemsolutions.com
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Re: Login.jsp Manipulation
LJ,
Thank YOU for posting your final solution. This is one of those, "gee it
be nice to fix if I had time" things, but not really on anybody's priority
list here. I read the responses to your original post with interest, but
as I'm not a web guy, I didn't have time to try to actually understand
them or turn them into something workable.
I appreciate the time you took to share a final solution that is basically
cut-n-paste-able. Gotta love the list.
Thanks again,
Thad Esser
Remedy Developer
"Argue for your limitations, and sure enough, they're yours."-- Richard
Bach
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/14/2007 07:07 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
As with most things I went through several iterations before I found the
eventual solution. I will document it here for posterity sake.
When you access the Mid-Tier sever with a redirect in the URL or are
redirected by a servlet it goes into one of two variables.
Request.nextPage
(if you use the goto parameter) or session.returnBack (if you went to
/arsys/home for example). In the login.jsp there is a hidden input field
named goto that by default value of <%=nextPage%>. Through the assistance
of Carey and Axton I was able to modify my login_common.jsp file. The
default line was
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
All that this section of code does is ensure that the nextPage variable is
not null. I have modified my lines to be as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
String returnBack =
(String)session.getAttribute("returnBack");
if (returnBack == null) {
nextPage = "/arsys/home";
} else {
nextPage = "";
}
}
What this does is if nextPage is null it then checks to see if the hidden
session variable 'returnBack' is also null. If both variables are null
you
will get an error on the home page stating that it doesn't know where to
go.
So if both are null I set the nextPage variable to /arsys/home, if
returnBack is not null...I just continue the default behavior of setting
nextPage = "". This effectively allows people to bookmark the login.jsp
page without getting errors. It also allows for direct link URL's to
allow
the user to get directly to their record.
I would like to thank the community once again for helping me solve yet
another issue.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Sunday, May 13, 2007 5:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I imagine
they left the login page jsp during the 601->63 rewrite so that customers
could alter it. If the page were served from a servlet, we wouldn't have
any place to customize the layout/fields unless we had the source to said
servlet, or some other funny hooks were there to take the place of
login.jsp.
Axton Grams
On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was explaining this problem to a UK Remedy customer only on Friday.
> Frankly, the entire "redirect to /shared/login/login.jsp" logic is
> utterly bizarre and I can only assume that a newbie was given the task
> of writing this bit of the Midtier. Clearly, if one goes to
> /arsys/home and is not logged in, a login page should be presented
without
a browser redirect.
>
> However, onto the matter in hand, can we establish if the goto
> parameter is set when a user goes directly to a form entry? I.e. go to
> a form entry when you're not logged in, and when presented with the
> login page, paste the contents of the form. Once you've done that we
> can address the problem in more detail (as we don't appear to have
established this yet).
>
>
>
> John
>
> Java System Solutions : http://www.javasystemsolutions.com
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the Answers Are"
***IMPOR
Re: Login.jsp Manipulation
I have found so much in the archives that was 'cut and paste' as you
say...when I get the help to the problem from the list I try to contribute
back to it..:)
_
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Thad K Esser
Sent: Monday, May 14, 2007 11:07 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
**
LJ,
Thank YOU for posting your final solution. This is one of those, "gee it be
nice to fix if I had time" things, but not really on anybody's priority list
here. I read the responses to your original post with interest, but as I'm
not a web guy, I didn't have time to try to actually understand them or turn
them into something workable.
I appreciate the time you took to share a final solution that is basically
cut-n-paste-able. Gotta love the list.
Thanks again,
Thad Esser
Remedy Developer
"Argue for your limitations, and sure enough, they're yours."-- Richard Bach
"L. J. Head" <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)"
05/14/2007 07:07 AM
Please respond to
arslist@ARSLIST.ORG
To
arslist@ARSLIST.ORG
cc
Subject
Re: Login.jsp Manipulation
As with most things I went through several iterations before I found the
eventual solution. I will document it here for posterity sake.
When you access the Mid-Tier sever with a redirect in the URL or are
redirected by a servlet it goes into one of two variables. Request.nextPage
(if you use the goto parameter) or session.returnBack (if you went to
/arsys/home for example). In the login.jsp there is a hidden input field
named goto that by default value of <%=nextPage%>. Through the assistance
of Carey and Axton I was able to modify my login_common.jsp file. The
default line was
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
All that this section of code does is ensure that the nextPage variable is
not null. I have modified my lines to be as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
String returnBack =
(String)session.getAttribute("returnBack");
if (returnBack == null) {
nextPage = "/arsys/home";
} else {
nextPage = "";
}
}
What this does is if nextPage is null it then checks to see if the hidden
session variable 'returnBack' is also null. If both variables are null you
will get an error on the home page stating that it doesn't know where to go.
So if both are null I set the nextPage variable to /arsys/home, if
returnBack is not null...I just continue the default behavior of setting
nextPage = "". This effectively allows people to bookmark the login.jsp
page without getting errors. It also allows for direct link URL's to allow
the user to get directly to their record.
I would like to thank the community once again for helping me solve yet
another issue.
-Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Sunday, May 13, 2007 5:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I imagine
they left the login page jsp during the 601->63 rewrite so that customers
could alter it. If the page were served from a servlet, we wouldn't have
any place to customize the layout/fields unless we had the source to said
servlet, or some other funny hooks were there to take the place of
login.jsp.
Axton Grams
On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was explaining this problem to a UK Remedy customer only on Friday.
> Frankly, the entire "redirect to /shared/login/login.jsp" logic is
> utterly bizarre and I can only assume that a newbie was given the task
> of writing this bit of the Midtier. Clearly, if one goes to
> /arsys/home and is not logged in, a login page should be presented without
a browser redirect.
>
> However, onto the matter in hand, can we establish if the goto
> parameter is set when a user goes directly to a form entry? I.e. go to
> a form entry when you're not logged in, and when presented with the
> login page, paste the contents of the form. Once you've done that we
> can address the problem in more detail (as we don't appear to have
established this yet).
>
>
>
> John
>
> Java System Solutions : http://www.javasystemsolutions.com
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answe
Re: Login.jsp Manipulation
This solves a major pain for me. I constantly have people bookmark the
login page. Thanks for sharing this info.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
Sent: Monday, May 14, 2007 10:08 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
As with most things I went through several iterations before I found the
eventual solution. I will document it here for posterity sake.
When you access the Mid-Tier sever with a redirect in the URL or are
redirected by a servlet it goes into one of two variables.
Request.nextPage (if you use the goto parameter) or session.returnBack
(if you went to /arsys/home for example). In the login.jsp there is a
hidden input field named goto that by default value of <%=nextPage%>.
Through the assistance of Carey and Axton I was able to modify my
login_common.jsp file. The default line was
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
All that this section of code does is ensure that the nextPage variable
is not null. I have modified my lines to be as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
String returnBack = (String)session.getAttribute("returnBack");
if (returnBack == null) {
nextPage = "/arsys/home";
} else {
nextPage = "";
}
}
What this does is if nextPage is null it then checks to see if the
hidden session variable 'returnBack' is also null. If both variables
are null you will get an error on the home page stating that it doesn't
know where to go.
So if both are null I set the nextPage variable to /arsys/home, if
returnBack is not null...I just continue the default behavior of setting
nextPage = "". This effectively allows people to bookmark the login.jsp
page without getting errors. It also allows for direct link URL's to
allow the user to get directly to their record.
I would like to thank the community once again for helping me solve yet
another issue.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Sunday, May 13, 2007 5:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I
imagine they left the login page jsp during the 601->63 rewrite so that
customers could alter it. If the page were served from a servlet, we
wouldn't have any place to customize the layout/fields unless we had the
source to said servlet, or some other funny hooks were there to take the
place of login.jsp.
Axton Grams
On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was explaining this problem to a UK Remedy customer only on Friday.
> Frankly, the entire "redirect to /shared/login/login.jsp" logic is
> utterly bizarre and I can only assume that a newbie was given the task
> of writing this bit of the Midtier. Clearly, if one goes to
> /arsys/home and is not logged in, a login page should be presented
> without
a browser redirect.
>
> However, onto the matter in hand, can we establish if the goto
> parameter is set when a user goes directly to a form entry? I.e. go to
> a form entry when you're not logged in, and when presented with the
> login page, paste the contents of the form. Once you've done that we
> can address the problem in more detail (as we don't appear to have
established this yet).
>
>
>
> John
>
> Java System Solutions : http://www.javasystemsolutions.com
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
Re: Login.jsp Manipulation
That is the exact problem that sent me down this path several months
ago...but the solution I had at the time broke other functionality...:) I
personally thing that all Mid-Tier installs should default to this
configuration...hmmm...maybe I should submit an enhancement request.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Sokol, Brian
Sent: Monday, May 14, 2007 1:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
This solves a major pain for me. I constantly have people bookmark the login
page. Thanks for sharing this info.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of L. J. Head
Sent: Monday, May 14, 2007 10:08 AM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
As with most things I went through several iterations before I found the
eventual solution. I will document it here for posterity sake.
When you access the Mid-Tier sever with a redirect in the URL or are
redirected by a servlet it goes into one of two variables.
Request.nextPage (if you use the goto parameter) or session.returnBack (if
you went to /arsys/home for example). In the login.jsp there is a hidden
input field named goto that by default value of <%=nextPage%>.
Through the assistance of Carey and Axton I was able to modify my
login_common.jsp file. The default line was
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
nextPage = "";
}
All that this section of code does is ensure that the nextPage variable is
not null. I have modified my lines to be as such
String nextPage = (String)request.getParameter("goto");
if (nextPage == null) {
String returnBack = (String)session.getAttribute("returnBack");
if (returnBack == null) {
nextPage = "/arsys/home";
} else {
nextPage = "";
}
}
What this does is if nextPage is null it then checks to see if the hidden
session variable 'returnBack' is also null. If both variables are null you
will get an error on the home page stating that it doesn't know where to go.
So if both are null I set the nextPage variable to /arsys/home, if
returnBack is not null...I just continue the default behavior of setting
nextPage = "". This effectively allows people to bookmark the login.jsp
page without getting errors. It also allows for direct link URL's to allow
the user to get directly to their record.
I would like to thank the community once again for helping me solve yet
another issue.
-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of Axton
Sent: Sunday, May 13, 2007 5:12 PM
To: arslist@ARSLIST.ORG
Subject: Re: Login.jsp Manipulation
The value LJ was looking for was stored in a session attribute. I imagine
they left the login page jsp during the 601->63 rewrite so that customers
could alter it. If the page were served from a servlet, we wouldn't have
any place to customize the layout/fields unless we had the source to said
servlet, or some other funny hooks were there to take the place of
login.jsp.
Axton Grams
On 5/13/07, John Baker <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I was explaining this problem to a UK Remedy customer only on Friday.
> Frankly, the entire "redirect to /shared/login/login.jsp" logic is
> utterly bizarre and I can only assume that a newbie was given the task
> of writing this bit of the Midtier. Clearly, if one goes to
> /arsys/home and is not logged in, a login page should be presented
> without
a browser redirect.
>
> However, onto the matter in hand, can we establish if the goto
> parameter is set when a user goes directly to a form entry? I.e. go to
> a form entry when you're not logged in, and when presented with the
> login page, paste the contents of the form. Once you've done that we
> can address the problem in more detail (as we don't appear to have
established this yet).
>
>
>
> John
>
> Java System Solutions : http://www.javasystemsolutions.com
>
> __
> _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> ARSlist:"Where the Answers Are"
>
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the
Answers Are"
