You should also have a look at /org/apache/catalina/authenticator/FormAuthenticator.java. In this class you can find the details about how requests are saved and restored.

When I once dug into the details I wondered whether it is correct to restore all the headers of the original request. E.g., if a user clears the browser cache while the browser shows the login dialog, the resubmit of the original request will not include an 'if-modified-since' header, which was available in the stored request. In such a situation the servlet will see the header from the original request and could decide to return NOT MODIFIED status. The servlet spec does not tell you if this is correct behavior or not, but it may be interesting to know about this behavior. (And that's why we like open source projects where we can look at how it really works :-)

Regards,
Matthias

-----Original Message-----
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 08, 2007 6:02 PM
To: Tomcat Users List
Subject: RE: j_security_check redirect after login

> From: Andrew R Feller [mailto:[EMAIL PROTECTED]
> Subject: j_security_check redirect after login
>
> How does j_security_check know where to redirect users to after they
> have logged in?

Read the servlet spec; to quote from SRV.12.5.3.1:

"If the form based login is invoked because of an HTTP request, the original request parameters must be preserved by the container for use if, on successful authentication, it redirects the call to the requested resource."

Unless you are going to muck around with Tomcat internals, what difference does it make how the above is accomplished?

> nor am I able to find out where in the Tomcat source
> code j_security_check is declared or invoked.

Start with org/apache/catalina/authenticator/AuthenticatorBase.java, in the invoke() method.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
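The stale-header situation described in the thread, as an added example that is not part of the original messages and is not Tomcat code. It is a simplified model: the class name, replay(), status() and the dropStaleConditionals option are hypothetical, and the header values are constructed. Dropping conditional headers on replay is shown only as one possible handling, not as something the container is known to do.

```java
import java.time.Instant;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

// Hypothetical model of form-login request replay; not Tomcat's classes.
public class SavedRequestReplayDemo {

    // Headers that describe the client's cache state at the time of the ORIGINAL request.
    static final Set<String> CONDITIONAL = Set.of("if-modified-since", "if-none-match");

    // Returns the headers the servlet sees after login. The saved headers win;
    // optionally, conditional headers the browser no longer sends are dropped.
    static Map<String, String> replay(Map<String, String> saved,
                                      Map<String, String> resubmitted,
                                      boolean dropStaleConditionals) {
        Map<String, String> seen = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        seen.putAll(saved);
        if (dropStaleConditionals) {
            for (String h : CONDITIONAL) {
                if (!resubmitted.containsKey(h)) seen.remove(h);
            }
        }
        return seen;
    }

    // A servlet-style conditional GET decision: 304 if the resource is unchanged.
    static int status(Map<String, String> headers, Instant lastModified) {
        String ims = headers.get("If-Modified-Since");
        if (ims == null) return 200;
        Instant since = ZonedDateTime.parse(ims, DateTimeFormatter.RFC_1123_DATE_TIME).toInstant();
        return lastModified.isAfter(since) ? 200 : 304;
    }

    public static void main(String[] args) {
        // Constructed sample: original request sent before the cache was cleared.
        Map<String, String> saved = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        saved.put("If-Modified-Since", "Thu, 08 Nov 2007 12:00:00 GMT");
        saved.put("Accept", "text/html");
        // Constructed sample: request after login, cache cleared, no conditional header.
        Map<String, String> resubmitted = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        resubmitted.put("Accept", "text/html");
        Instant lastModified = Instant.parse("2007-11-08T10:00:00Z");

        System.out.println("saved headers replayed as-is: "
                + status(replay(saved, resubmitted, false), lastModified));
        System.out.println("stale conditionals dropped:   "
                + status(replay(saved, resubmitted, true), lastModified));
    }
}
```

With the saved headers replayed unchanged, the servlet answers NOT MODIFIED to a browser that no longer has a cached copy, which is the case raised in the reply above.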