On 20/01/2011 17:25, neo21 zerro wrote:
>  Hi Mikolaj and Mark, 
> 
> 
>   Thanks for the reply. The problem is that I read the specifications and I 
> still don't know how to push the login details 
> and the request for the main page in one call. 

In Tomcat 6.0.x you can't. In Tomcat 7, the landing page attribute of
the form authenticator may help.

Alternatively, don't use FORM authentication. Seems like BASIC auth is
more appropriate.

Mark

>    The fact is that I need to open a browser from a Swing app with the main
> page for my other application (that uses JAAS) programmatically. So the real
> problem is how do I push the request from the Swing app to open a browser with
> an authenticated user and the main page from my other app. Because, as I
> already said, I cannot push to the application that uses JAAS my login
> credentials and the request to my main app. So I push the credentials as I
> already said but get HTTP Status 400 - Invalid direct reference to form login
> page because I have no initial request with my main page, so that Tomcat can
> restore it.
>    I cannot use JSP, my login page is a simple HTML page.
> 
> 
> 
> 
> Thanks a lot for your time!
> 
>  
> 
> 
> ________________________________
> From: Mikolaj Rydzewski <m...@ceti.pl>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Thu, January 20, 2011 5:53:04 PM
> Subject: Re: Programatic JAAS login in Tomcat 6.0.26!
> 
> 
> On Thu, 20 Jan 2011 15:16:15 +0000, Mark Thomas <ma...@apache.org> wrote:
> 
>> Read up on FORM auth in the Servlet spec. There is a specific sequence
>> of events that looks roughly like (for a successful auth):
>>
>> 1. Browser sends original request
>> 2. Server saves request, creates session and responds with login page
>> 3. Browser sends login details to server
>> 4. Server validates login details
>> 5. Server restores saved request and processes it
>> 6. Server sends response to original request to browser.
> 
> Hi Mark,
> 
> That explains a problem some people complain about:
> When you invalidate the session in the second step, the server is not able to
> restore the previous request and leaves the user with the same login form with
> URL /j_security_check. The real problem is that a cryptic error now appears:
> HTTP Status 400 - Invalid direct reference to form login page.
> It's enough for the user to open the login form page, wait until the session is
> invalidated due to inactivity time, then try to log in.
> One solution is to use an HttpSession.isNew() check on the login JSP page and
> perform a redirect, e.g. to the main page.
> 
> -- Mikolaj Rydzewski <m...@ceti.pl>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
>       

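The FORM authentication sequence listed in the thread, as a simplified Java model added here (not Tomcat's code and not written by any poster). The class and method names, the sample account and the non-400 result strings are constructed for illustration; it shows why a login POST with no saved original request, or one sent after the session expired, ends in the HTTP 400 quoted above.

```java
import java.util.HashMap;
import java.util.Map;

/** Simplified model of the FORM auth sequence; not Tomcat's implementation. */
public class FormAuthModel {
    // Constructed sample account; a real container delegates to its Realm/JAAS.
    static final Map<String, String> USERS = Map.of("alice", "example-password");

    // Session id -> original request URI saved in step 2.
    private final Map<String, String> savedRequests = new HashMap<>();
    private int nextId = 1;

    /** Steps 1-2: save the original request, create a session, return its id. */
    String requestProtected(String uri) {
        String sessionId = "S" + nextId++;
        savedRequests.put(sessionId, uri);
        return sessionId; // sent to the browser as the session cookie
    }

    /** Session timeout or invalidate(): the saved request goes with the session. */
    void expire(String sessionId) {
        savedRequests.remove(sessionId);
    }

    /** Steps 3-6: validate the login, then restore and answer the saved request. */
    String postLogin(String sessionId, String user, String password) {
        if (user == null || !USERS.containsKey(user) || !USERS.get(user).equals(password)) {
            return "login error page";
        }
        String saved = savedRequests.remove(sessionId); // null: nothing to restore
        if (saved == null) {
            return "HTTP Status 400 - Invalid direct reference to form login page";
        }
        return "200 response for " + saved;
    }

    public static void main(String[] args) {
        FormAuthModel server = new FormAuthModel();
        // Case A: the full sequence from the thread.
        String id = server.requestProtected("/app/main.html");
        System.out.println("A: " + server.postLogin(id, "alice", "example-password"));
        // Case B: credentials posted with no earlier request for a protected page.
        System.out.println("B: " + server.postLogin(null, "alice", "example-password"));
        // Case C: login page left open until the session timed out.
        String stale = server.requestProtected("/app/main.html");
        server.expire(stale);
        System.out.println("C: " + server.postLogin(stale, "alice", "example-password"));
    }
}
```

In the model, only case A reaches the original page: the login POST has to arrive on the same session that saved the original request.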
