"kathy90031" wrote : Yes, our URL pattern is the same, but I'm not sure you
were understanding me correctly. Our pages ARE secure.
|
| If someone bookmarks
http://localhost/WebApp/index.jsp
|
| then they are directed to the login page, after they login in (and are authenticated,
they are directed to the home page.
|
| If some booksmarks
http://localhost/WebApp/login.jsp
|
| they login in and recieve a BAD REQUEST error EVEN THOUGH they are authenticated. In
fact, if they try to go to index.jsp DIRECTLY from the bad request page; they get in.
|
| I looked at the jboss source code and saw what was happening. Jboss looks up the
request to forward to. Since the users are coming from login.jsp; this variable returns
NULL. Therefore, Jboss throws the bad request error.
|
| Is there a workaround I can configure instead of code?
You could try creating a valve to check if the user browses directly to the login page or
if he uses the normal navigation. If he does, redirect him to a secure page. The
j_security_check wil trigger and redirect the user to the login page.
A valve can be compared with a Servlet filter, but it runs outside the application and has
access to otherwise forbidden resources, like Tomcat classes.
More here:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169725#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...