2012/11/8 Russ Kepler <r...@kepler-eng.com>:
> Using:
>
> Linux main 3.2.0-32
> Tomcat 7.0.32
> Java version "1.7.0_09"
> (working through Eclipse Juno)
>
> I've been assigned what should have been a pretty simple task, a jnlp launcher
> following a login to the web server.  I've implemented what seemed to me to be
> the simplest solution - form based login going through j_security_check, after
> which I pass the jsessionid through a .jnlp built on the fly.  This would pass

1. When and how do you obtain the value for your jsessionid? Beware
that the session id changes when you authenticate. That is
done to prevent session fixation attacks.

> the session to the Java Web Start and let me pass it as well to my
> application.  I was planning on having the application perform the login
> manually if it isn't given a working session on startup.  I'm not having a lot
> of luck.
>
> I believe that I have the user login bit set up correctly as I see the failed
> login when I enter the incorrect login.  When I enter a working name/password
> pair I get a 408 - timeout.  That goes away if I change web.xml:
>
>     <session-config>
>         <session-timeout>30</session-timeout>
>         <tracking-mode>URL</tracking-mode>
>     </session-config>
>
> to the cookie form:
>
>     <session-config>
>         <session-timeout>30</session-timeout>
>         <tracking-mode>COOKIE</tracking-mode>
>     </session-config>
>
> After that everything works as expected, so it appears that the 408 is related
> to the URL tracking.  I've tried this with the internal browser in Eclipse as
> well as Firefox and get the same problem.  I'm guessing the j_security_check
> isn't redirecting with a rewritten URL and instead returns a timeout on a
> successful login.
>

2. It isn't a timeout.
It means that you've got a new session, and so Tomcat does not know
where to redirect you after the login.

See
response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT
call in o.a.c.authenticator.FormAuthenticator


> If this is a known behaviour I have not been able to find anything after
> spending a lot of time in Google (more people seem to be trying to get rid of
> the url rewrite), but since this is a new environment I may not have a grip of
> the appropriate tags to be searching.
>

BTW, if you want to try running with a debugger, see
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko
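
Point 1 above, as an added example that is not part of the original message or of Tomcat's code: a servlet that builds the .jnlp only for an authenticated request and reads the session id at that moment, so it is the id issued after login. The servlet name, URL mapping, codebase, jar and main class are hypothetical placeholders.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet. Map it under a URL covered by the <security-constraint>
// so the container completes FORM login before this code is reached.
@WebServlet("/secure/launch.jnlp")
public class JnlpLaunchServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    // Placeholder codebase; taken from configuration, not from the Host header.
    private static final String CODEBASE = "https://example.invalid/app/";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): never create a fresh, unauthenticated session here.
        HttpSession session = req.getSession(false);
        if (session == null || req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Read the id now, after authentication. An id captured while the
        // login page was shown is the pre-login one and has been replaced.
        String sessionId = session.getId();

        resp.setContentType("application/x-java-jnlp-file");
        // The descriptor carries a credential, so keep it out of caches.
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");

        PrintWriter out = resp.getWriter();
        out.println("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
        out.println("<jnlp spec=\"1.0+\" codebase=\"" + CODEBASE + "\">");
        out.println("  <information><title>Example</title>"
                + "<vendor>Example</vendor></information>");
        out.println("  <resources><j2se version=\"1.7+\"/>"
                + "<jar href=\"app.jar\"/></resources>");
        out.println("  <application-desc main-class=\"example.Main\">");
        // Assumes the container's session ids need no XML escaping.
        out.println("    <argument>" + sessionId + "</argument>");
        out.println("  </application-desc>");
        out.println("</jnlp>");
    }
}
```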
