[jboss-user] [Security & JAAS/JBoss] - Re: Users bookmarking login.jsp causes problems
jkva
do-not-reply at jboss.com
Sat Aug 9 08:16:36 EDT 2008
"kathy90031" wrote : Yes, our URL pattern is the same, but I'm not sure you were understanding me correctly. Our pages ARE secure.
|
| If someone bookmarks http://localhost/WebApp/index.jsp
|
| then they are directed to the login page; after they log in (and are authenticated), they are directed to the home page.
|
| If someone bookmarks http://localhost/WebApp/login.jsp
|
| they log in and receive a BAD REQUEST error EVEN THOUGH they are authenticated. In fact, if they try to go to index.jsp DIRECTLY from the bad request page, they get in.
|
| I looked at the JBoss source code and saw what was happening. JBoss looks up the request to forward to. Since the users are coming from login.jsp, this variable returns NULL. Therefore, JBoss throws the bad request error.
|
| Is there a workaround I can configure instead of code?
You could try creating a valve to check if the user browses directly to the login page or if he uses the normal navigation. If he does, redirect him to a secure page. The j_security_check will trigger and redirect the user to the login page.
A valve can be compared with a Servlet filter, but it runs outside the application and has access to otherwise forbidden resources, like Tomcat classes.
More here:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169725#4169725
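
A sketch of the valve suggested in the reply above, added here as an example; it is not code from the original post or from JBoss. The class name, package, and the `/login.jsp` and `/index.jsp` paths are assumptions. It also assumes the container shows the login form through a server-side forward, so the valve only sees the login page URI when a browser requests it directly.

```java
package example.valves; // hypothetical package name

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Sends direct requests for the FORM login page to a protected page, so the
 * container saves a real target request before it shows the login form.
 * Register it with a <Valve className="example.valves.DirectLoginRedirectValve"/>
 * element as described in the linked Tomcat documentation.
 */
public class DirectLoginRedirectValve extends ValveBase {

    // Assumed paths, relative to the context root.
    private String loginPage = "/login.jsp";
    private String securePage = "/index.jsp";

    public void setLoginPage(String loginPage) { this.loginPage = loginPage; }
    public void setSecurePage(String securePage) { this.securePage = securePage; }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        String contextPath = request.getContextPath();
        String uri = request.getRequestURI();

        // Drop any path parameter such as ;jsessionid=... before comparing.
        int semi = uri.indexOf(';');
        if (semi >= 0) {
            uri = uri.substring(0, semi);
        }

        // A GET whose URI is the login page itself is a bookmark or typed URL:
        // no protected request has been saved for j_security_check to restore.
        boolean directHit = "GET".equals(request.getMethod())
                && uri.equals(contextPath + loginPage);

        if (directHit) {
            // Redirect to the protected page; the security constraint then
            // triggers the normal login flow with a saved request.
            response.sendRedirect(
                    response.encodeRedirectURL(contextPath + securePage));
            return;
        }

        // Everything else, including the POST to j_security_check, passes on.
        getNext().invoke(request, response);
    }
}
```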