I have the following in my web.xml and it works fine for me on 5.0.4:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=true</form-error-page>
</form-login-config>
</login-config>
A couple changes that I've noticed though:
When I'm routed to the login page, the browser's address bar says the URL I
requested, rather than "/login.jsp" - very cool! Also, I found that
request.getRequestURL() does show me the page I requested. This was not the
case in 4.1.24. This is awesome IMO b/c now users will not bookmark
"/login.jsp". And even if they do type it in (ctx/login.jsp), my 400 error
page routes them to "index.jsp" which goes to the main menu. All of this
did not work in 4.1.24 and now it does in 5.0.4. Happy day.
Matt
-----Original Message-----
From: Oleg S. Estehin [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: Tomcat 5.0.4 fails to serve form-login-error page properly
Hi
I am porting my application from Tomcat 4.1.24 to Tomcat 5.0.4 (i.e. porting
from Servlets 2.3/JSP 1.2 to Servlets 2.4/JSP 2.0).
I have a servlet mapped to "/auth" that produces the page with login form.
Form based authentication is set with the following fragment of the
deployment descriptor:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/auth</form-login-page>
<form-error-page>/auth?action=error</form-error-page>
</form-login-config>
</login-config>
When the servlet is called with "?action=error" query string it displays
additional warning besides the login form.
It was working perfectly in Tomcat 4.1.24 but it works in Tomcat 5.0.4 only
in half:
When user tries to access protected page he is presented with login page. If
he enters valid login/password then he receives access to the resourse.
But if the user enters invalid login/password then instead of
form-error-page Tomcat displays "HTTP Status 405 - HTTP method POST is not
supported by this URL" error with URL "http://myhost.here/j_security_check";.
I have tried to set up AccessLogValve and RequestDumpValve and to set debug
attribute on every element in servlet.xml and my context.xml (where
applicable) in order to try to understand what is going on inside Tomcat 5,
but no luck so far - request damp just shows that 1) there was request to
protected resourse 2) Tomcat returned form-login-page 3) user sent it back
with invalid login/password 4) Tomcat returned error 405.
I had expected that there should be output from Realm between 3) and 4) but
there is not.
So, at the moment the conclusion is that the code that worked perfectly in
Tomcat 4.1.24 doesn't work in Tomcat 5.0.4 and i don't know why but i would
be delighted if somebody will help me to find this out :)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
