Re: Form Login bouncing me to welcome page!
All I can guess is that your /Login.jsp contains a redirect to "/", which will then show your welcome file, if you have one declared. What happens if you remove the security constraint and THEN request /Login.jsp? If you STILL get the welcome page, then security clearly isn't the problem. Nick At 01:34 PM 2/1/01 -0800, you wrote: I agree that is the correct sequence, but that is not what I get. Assume I have a welcome file defined called welcome.jsp. The sequence of events is: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters correct credentials - User is logged in - User is displayed the contents of welcome.jsp. OR: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters INCORRECT credentials - User is NOT logged in - User is STILL displayed the contents of welcome.jsp. I also had the case where I didn't have a welcome file defined, but had directory browsing enabled, and I get the directory contents after doing the above sequences. This doesn't seem right to me, but I can't figure out what is wrong. What can cause this? Gerald. At 09:30 AM 2/1/2001 -0700, you wrote: The sequence of events is: - The user requests a secured page (/Login.jsp, in your case). - The server intercepts the request and redirects to the form-based login page (LoginForm.jsp) - If the user logs in successfully, the server allows the original request to proceed (ie. Login.jsp is displayed). So if by "the welcome page" you mean the Login.jsp page, then that is as expected. If you see something else, then this could possibly be the result of something you do on that page (such as redirection). Nick At 10:19 PM 1/31/01 -0800, you wrote: I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing?
RE: Form Login bouncing me to welcome page!
there should have been a entry for welcome.jsp under security-contraints for example: security-constraint web-resource-collection web-resource-nameUnnamed/web-resource-name url-pattern/welcome.jsp/url-pattern -Original Message- From: Gerald Gutierrez [SMTP:[EMAIL PROTECTED]] Sent: Thursday, February 01, 2001 4:34 PM To: Orion-Interest Subject: Re: Form Login bouncing me to welcome page! I agree that is the correct sequence, but that is not what I get. Assume I have a welcome file defined called welcome.jsp. The sequence of events is: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters correct credentials - User is logged in - User is displayed the contents of welcome.jsp. OR: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters INCORRECT credentials - User is NOT logged in - User is STILL displayed the contents of welcome.jsp. I also had the case where I didn't have a welcome file defined, but had directory browsing enabled, and I get the directory contents after doing the above sequences. This doesn't seem right to me, but I can't figure out what is wrong. What can cause this? Gerald. At 09:30 AM 2/1/2001 -0700, you wrote: The sequence of events is: - The user requests a secured page (/Login.jsp, in your case). - The server intercepts the request and redirects to the form-based login page (LoginForm.jsp) - If the user logs in successfully, the server allows the original request to proceed (ie. Login.jsp is displayed). So if by "the welcome page" you mean the Login.jsp page, then that is as expected. If you see something else, then this could possibly be the result of something you do on that page (such as redirection). Nick At 10:19 PM 1/31/01 -0800, you wrote: I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing? -- CONFIDENTIALITY NOTICE: If you have received this e-mail in error, please immediately notify the sender by e-mail at the address shown. This e-mail transmission may contain confidential information. This information is intended only for the use of the individual(s) or entity to whom it is intended even if addressed incorrectly. Please delete it from your files if you are not the intended recipient. Thank you for your compliance.
RE: Form Login bouncing me to welcome page!
I'm working with form-based authentication in iPlanet AS 6.0, but much of this is the same regardless of the app server. We've been constraining security on a directory (url-pattern is "/secured/*"). Then you place your Login.jsp in the secured area. Make sure the login form and the login error pages are **not** in /secured. Other security constrained content would also be placed in the /secured directory. We've also gone to using a mapped servlet as the coordinator (MVC/Model 2 architecture) and this has worked well for us. Good luck with this. -- chris -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Angus Mark Sent: Thursday, February 01, 2001 4:23 AM To: Orion-Interest Subject: RE: Form Login bouncing me to welcome page! So, when the user is going to http://host:port/yourapp/Login.jsp they get redirected to LoginForm.jsp. They then authenticate and should see the resource they requested (ie: http://host:port/yourapp/Login.jsp) - is this what you mean by the welcome page ?? Hope that helps Angus
Re: Form Login bouncing me to welcome page!
Is your welcome jsp a protected resource? That should fix it. Matt Gerald Gutierrez wrote: I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing?
RE: Form Login bouncing me to welcome page!
So, when the user is going to http://host:port/yourapp/Login.jsp they get redirected to LoginForm.jsp. They then authenticate and should see the resource they requested (ie: http://host:port/yourapp/Login.jsp) - is this what you mean by the welcome page ?? Hope that helps Angus
Re: Form Login bouncing me to welcome page!
I agree that is the correct sequence, but that is not what I get. Assume I have a welcome file defined called welcome.jsp. The sequence of events is: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters correct credentials - User is logged in - User is displayed the contents of welcome.jsp. OR: - User requests secured page /Login.jsp - User is redirected to LoginForm.jsp - User enters INCORRECT credentials - User is NOT logged in - User is STILL displayed the contents of welcome.jsp. I also had the case where I didn't have a welcome file defined, but had directory browsing enabled, and I get the directory contents after doing the above sequences. This doesn't seem right to me, but I can't figure out what is wrong. What can cause this? Gerald. At 09:30 AM 2/1/2001 -0700, you wrote: The sequence of events is: - The user requests a secured page (/Login.jsp, in your case). - The server intercepts the request and redirects to the form-based login page (LoginForm.jsp) - If the user logs in successfully, the server allows the original request to proceed (ie. Login.jsp is displayed). So if by "the welcome page" you mean the Login.jsp page, then that is as expected. If you see something else, then this could possibly be the result of something you do on that page (such as redirection). Nick At 10:19 PM 1/31/01 -0800, you wrote: I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing?
Re: Form Login bouncing me to welcome page!
The sequence of events is: - The user requests a secured page (/Login.jsp, in your case). - The server intercepts the request and redirects to the form-based login page (LoginForm.jsp) - If the user logs in successfully, the server allows the original request to proceed (ie. Login.jsp is displayed). So if by "the welcome page" you mean the Login.jsp page, then that is as expected. If you see something else, then this could possibly be the result of something you do on that page (such as redirection). Nick At 10:19 PM 1/31/01 -0800, you wrote: I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing?
RE: Form Login bouncing me to welcome page!
Your web-resource-collection is a bit wrong (I think). Try this instead: web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/path/to/protected/resources/url-pattern url-pattern/another/path/to/protected/resources/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection At least this is how I do it, and it works for me :-) Espen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gerald Gutierrez Sent: 1. februar 2001 07:20 To: Orion-Interest Subject: Form Login bouncing me to welcome page! I've searched the mailing list, but there doesn't seem to be information on this. I'm a little desparate now. I'm using a form-based login for my web application. When a user hits Login.jsp, s/he must log in. I have the LoginForm.jsp and LoginError.jsp files in / of my context root. This redirection to the LoginForm.jsp does occur, but regardless of whether the user logged in successfully or not, he is dumped back to the welcome page. The actual logging in is successful, i.e. if he provided the correct credentials, he's logged in, but still dumped back to the welcome page. Here is the relevant portion of my web.xml: security-constraint web-resource-collection web-resource-nameLoginTrigger/web-resource-name descriptionLoginTrigger/description url-pattern/Login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameportal_gamer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namedefault/realm-name form-login-config form-login-pageLoginForm.jsp/form-login-page form-error-pageLoginError.jsp/form-error-page /form-login-config /login-config security-role role-nameportal_gamer/role-name /security-role Which part of the magic am I missing?