On Wed, 17 Jul 2002, Brad Rhoads wrote:
> Date: Wed, 17 Jul 2002 13:44:55 -0500
> From: Brad Rhoads <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> Subject: How to specify j_security_check success target
>
>
> When using FORM security, your logon page must post to j_security_check. If
> the logon fails, then you end up at the page specified in
> <form-errror-page>. From what I understand, if the logon is successful,
> you'll be sent to what ever page you initially requested. Correct?
>
> If so, how do I override that behavior? Let's say after a logon I always
> want the user to go to mainmenu.jsp.
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>Example Form-Based Authentication Area</realm-name>
> <form-login-config>
> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
> <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
You're trying to use form based login incorrectly.
The basic flow is designed to go like this:
- User makes a request for a URL
- Container sees that this URL is protected by a security constraint
- Container saves the original request and displays the login page
- Assuming successful authentication, the container
performs the *original* request.
If it still doesn't make sense, temporarily switch your app to use BASIC
authentication (where the browser pops up the dialog box). There's no
such thing as "directing the user to a particular page" in this scenario.
Form based login is designed to work exactly the same (from a user
experience point of view) with the sole exception being that your login
page is used instead of the browser's dialog box.
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>