Re: Form-based authentication: original request URI...?
Hi, Orion 1.4.5 doesn't remember the original target URL correctly after an incorrect login. This bug is fixed in 1.4.8. What works for me is: - In the errorpage I display some additional information to the user and then forward the request to the original loginpage (using RequestDispatcher) to have exactly the same form displayed in both cases. Also after logging in from the form in the errorpage orion directs you to the original target. hope it helps, Peter Attila Bodis wrote: > Hi, I managed to get forms-based authentication working (Orion > 1.4.5/Win2K), but I have a question. Here is what happens: 1) > user tries to access protected resource "protected.jsp" 2) Orion > redirects user to the login page "login.jsp" instead 3) user > enters *incorrect* userid/password and submits the form 4) Orion > shows the error page "error.jsp", as it should So far, so good, but on > the error page I'd like to say something like "click here to retry," > with a link to the *original* page that triggered the authentication > in the first place (in this case "protected.jsp"). Note that if I put > a link to "login.jsp" on the error page, the user will be stuck in a > loop as successful authentication will just redisplay the login page > itself. The question is: is there a way (either inside the login page > or in the error page) of somehow determining what the original request > URI was that triggered the authentication to begin with? I already > tried request.getRequestURI() inside "login.jsp," but it evaluates to > "login.jsp," not "protected.jsp" as I'd like. Clearly Orion stores > the original request URI somewhere (otherwise it wouldn't know where > to go after a successful login), but how can I get at this > information??? Any help would be greatly appreciated! > Attila Attila BodisDevelopment Manager, Mobile Hosting800 > Bridge Pkwy #2068Redwood Shores, CA 94065(650) 506-4767 (w) > (650) 346-6156 (m)[EMAIL PROTECTED] Visit the > OracleMobile Online Studio at http://studio.oraclemobile.com.
Re: Form-based authentication: original request URI...?
Thanks for the suggestion; that's what I ended up doing. Not pretty, but works for now. Attila - Original Message - From: cybermaster To: Orion-Interest Sent: Thursday, May 03, 2001 6:54 PM Subject: RE: Form-based authentication: original request URI...? Hi Attila, FORM based authentication is somewhat limited with respect to the use-cases it supports. On your error page include something like: Try again This works fine for me. Cheers --peter 650-561-9273 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Attila BodisSent: Thursday, May 03, 2001 6:25 PMTo: Orion-InterestSubject: Form-based authentication: original request URI...? Hi, I managed to get forms-based authentication working (Orion 1.4.5/Win2K), but I have a question. Here is what happens: 1) user tries to access protected resource "protected.jsp" 2) Orion redirects user to the login page "login.jsp" instead 3) user enters *incorrect* userid/password and submits the form 4) Orion shows the error page "error.jsp", as it should So far, so good, but on the error page I'd like to say something like "click here to retry," with a link to the *original* page that triggered the authentication in the first place (in this case "protected.jsp"). Note that if I put a link to "login.jsp" on the error page, the user will be stuck in a loop as successful authentication will just redisplay the login page itself. The question is: is there a way (either inside the login page or in the error page) of somehow determining what the original request URI was that triggered the authentication to begin with? I already tried request.getRequestURI() inside "login.jsp," but it evaluates to "login.jsp," not "protected.jsp" as I'd like. Clearly Orion stores the original request URI somewhere (otherwise it wouldn't know where to go after a successful login), but how can I get at this information??? Any help would be greatly appreciated! Attila Attila Bodis Development Manager, Mobile Hosting 800 Bridge Pkwy #2068 Redwood Shores, CA 94065 (650) 506-4767 (w) (650) 346-6156 (m) [EMAIL PROTECTED] Visit the OracleMobile Online Studio at http://studio.oraclemobile.com.
RE: Form-based authentication: original request URI...?
Hi Attila, FORM based authentication is somewhat limited with respect to the use-cases it supports. On your error page include something like: Try" again This works fine for me. Cheers --peter 650-561-9273 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Attila Bodis Sent: Thursday, May 03, 2001 6:25 PM To: Orion-Interest Subject: Form-based authentication: original request URI...? Hi, I managed to get forms-based authentication working (Orion 1.4.5/Win2K), but I have a question. Here is what happens: 1) user tries to access protected resource "protected.jsp" 2) Orion redirects user to the login page "login.jsp" instead 3) user enters *incorrect* userid/password and submits the form 4) Orion shows the error page "error.jsp", as it should So far, so good, but on the error page I'd like to say something like "click here to retry," with a link to the *original* page that triggered the authentication in the first place (in this case "protected.jsp"). Note that if I put a link to "login.jsp" on the error page, the user will be stuck in a loop as successful authentication will just redisplay the login page itself. The question is: is there a way (either inside the login page or in the error page) of somehow determining what the original request URI was that triggered the authentication to begin with? I already tried request.getRequestURI() inside "login.jsp," but it evaluates to "login.jsp," not "protected.jsp" as I'd like. Clearly Orion stores the original request URI somewhere (otherwise it wouldn't know where to go after a successful login), but how can I get at this information??? Any help would be greatly appreciated! Attila Attila Bodis Development Manager, Mobile Hosting 800 Bridge Pkwy #2068 Redwood Shores, CA 94065 (650) 506-4767 (w) (650) 346-6156 (m) [EMAIL PROTECTED] Visit the OracleMobile Online Studio at http://studio.oraclemobile.com.
Form-based authentication: original request URI...?
Hi, I managed to get forms-based authentication working (Orion 1.4.5/Win2K), but I have a question. Here is what happens: 1) user tries to access protected resource "protected.jsp" 2) Orion redirects user to the login page "login.jsp" instead 3) user enters *incorrect* userid/password and submits the form 4) Orion shows the error page "error.jsp", as it should So far, so good, but on the error page I'd like to say something like "click here to retry," with a link to the *original* page that triggered the authentication in the first place (in this case "protected.jsp"). Note that if I put a link to "login.jsp" on the error page, the user will be stuck in a loop as successful authentication will just redisplay the login page itself. The question is: is there a way (either inside the login page or in the error page) of somehow determining what the original request URI was that triggered the authentication to begin with? I already tried request.getRequestURI() inside "login.jsp," but it evaluates to "login.jsp," not "protected.jsp" as I'd like. Clearly Orion stores the original request URI somewhere (otherwise it wouldn't know where to go after a successful login), but how can I get at this information??? Any help would be greatly appreciated! Attila Attila Bodis Development Manager, Mobile Hosting 800 Bridge Pkwy #2068 Redwood Shores, CA 94065 (650) 506-4767 (w) (650) 346-6156 (m) [EMAIL PROTECTED] Visit the OracleMobile Online Studio at http://studio.oraclemobile.com. BEGIN:VCARD VERSION:2.1 N:Bodis;Attila FN:Attila Bodis NICKNAME:Attila ORG:OracleMobile;OracleMobile Online Studio TITLE:Development Lead TEL;WORK;VOICE:(650) 506-4767 TEL;CELL;VOICE:(650) 346-6156 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;10bpM205;500 Oracle Pkwy=0D=0AMailstop 10bp2;Redwood Shores;CA;94065 LABEL;WORK;ENCODING=QUOTED-PRINTABLE:10bpM205=0D=0A500 Oracle Pkwy=0D=0AMailstop 10bp2=0D=0ARedwood Shores, CA 94= 065 X-WAB-GENDER:2 URL: URL:http://studio.oraclemobile.com EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20010504T002441Z END:VCARD