But how does this work through code? My initial request is to "http://localhost/mywebservice/file.do"; (and all this is through Java code similar to below).
Tomcat redirects the request to the login page specified in web.xml "http://localhost/mywebservice/login.html";. Then either Tomcat returns this page to the user, or invokes a servlet that constructs the page and returns is to the user. Then it seems Tomcat remembers the original request. Now the user sees a login page with the j_username and j_password form fields. In code, they get the output stream and it instructs them to login, though my page does not have the form fields in it. So in code the client constructs a login request. The request input stream is set to "j_username=username&j_password=password". But to what URL should the above response be posted? I would imagine that it should be to "http://localhost/mywebservice/j_security_check"; because the login page is typically like this <form action="j_security_check" ...>...</form>. A browser does not know about Tomcat protocols, so it would I imagine send the request to j_security_check. Then I imagine that Tomcat intercepts the request and validates the login, and then forwards to the original page (which must have remembered). So it makes sense to me that through code one may make requests to j_security_check. Just this would not not a recommended practice to users typing something into the address bar. So any ideas on how to make https requests through code? --- On Sun, 12/14/08, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote: > From: Caldarale, Charles R <chuck.caldar...@unisys.com> > Subject: RE: Server returned HTTP response code: 408 for URL: > https...j_security_check > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Sunday, December 14, 2008, 7:20 PM > > From: removeps-gro...@yahoo.com > [mailto:removeps-gro...@yahoo.com] > > Subject: Server returned HTTP response code: 408 for > URL: > > https...j_security_check > > > > Server returned HTTP response code: 408 for URL: > > > https://localhost:6143/mywebservice/action/j_security_check > > You're not allowed to reference j_security_check > directly. The URL must refer to a protected resource (as > declared in your web.xml), at which point Tomcat will > internally call up the j_security_check. if the > authentication succeeds, the original request will then be > reattempted automatically. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR > OTHERWISE PROPRIETARY MATERIAL and is thus for use only by > the intended recipient. If you received this in error, > please contact the sender and delete the e-mail and its > attachments from all computers. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
