[undertow-dev] loginPage and security constraints

Bill Burke bburke at redhat.com
Mon Aug 19 10:07:58 EDT 2013


It makes a lot of sense to be able to bookmark the login page so I don't 
think you are correct that the login page cannot be bookmarked.

On 8/19/2013 10:02 AM, Anil Saldhana wrote:
> Login/Error page in FORM authentication are controlled by the web
> container. They should
> not be accessed directly by the user. When they bookmark the login page
> or error page,
> the url should be protected.
>
> The workflow starts as follows: when the user tries to access a secured
> resource, the container
> initiates the form authentication workflow by saving the current request
> and then forwarding to
> the login page and after login, restore the request and proceed. In case
> of error, the request is
> forwarded to the error page.
>
> In the case of bookmarked login page, the container has to perform
> special processing to ensure
> that it does not restore back to the login page but to the index/welcome
> page.
>
>
> On 08/19/2013 08:54 AM, Stuart Douglas wrote:
>> At the moment the code assumes the login and error pages are outside the secured area.
>>
>> I think it makes sense to change this so that the login and error pages are never secure.
>>
>> Stuart
>>
>> ----- Original Message -----
>>> >From: "Bill Burke"<bburke at redhat.com>
>>> >To:undertow-dev at lists.jboss.org
>>> >Sent: Saturday, 17 August, 2013 7:30:30 PM
>>> >Subject: [undertow-dev] loginPage and security constraints
>>> >
>>> >If you have an authentication security constraint set to "/*", how do you
>>> >make sure you don't have an infinite redirect loop with the loginPage?
>>> >
>>> >--
>>> >Bill Burke
>>> >JBoss, a division of Red Hat
>>> >http://bill.burkecentral.com
>>> >_______________________________________________
>>> >undertow-dev mailing list
>>> >undertow-dev at lists.jboss.org
>>> >https://lists.jboss.org/mailman/listinfo/undertow-dev
>>> >
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
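
An added example, not part of the thread and not Undertow code: a plain-Java model of the behaviour discussed above, showing the loop when the "/*" constraint also covers the login page and the post-login target when the login page was bookmarked. The paths, the class and method names, and the use of redirects for every hop are assumptions made for the illustration.

```java
import java.util.Set;

// Added illustration: a plain-Java model of FORM-auth routing, not Undertow code.
public class FormAuthModel {
    // Hypothetical paths chosen for this example.
    static final String LOGIN = "/login.html", ERROR = "/error.html", WELCOME = "/index.html";

    private final Set<String> exempt;   // pages the "/*" constraint never applies to
    private boolean authenticated;
    private String savedRequest;        // URL saved when the login flow starts

    FormAuthModel(boolean exemptLoginPages) {
        this.exempt = exemptLoginPages ? Set.of(LOGIN, ERROR) : Set.of();
    }

    // One routing step for a request to `path` under a "/*" auth constraint.
    String route(String path) {
        if (authenticated || exempt.contains(path)) return "serve " + path;
        savedRequest = path;
        return "redirect " + LOGIN;
    }

    // Follow redirects the way a browser would; give up after maxHops.
    String follow(String path, int maxHops) {
        for (int hop = 0; hop < maxHops; hop++) {
            String result = route(path);
            if (result.startsWith("serve ")) return result;
            path = result.substring("redirect ".length());
        }
        return "redirect loop";
    }

    // Outcome of submitting the login form.
    String login(boolean credentialsOk) {
        if (!credentialsOk) return "forward " + ERROR;
        authenticated = true;
        // A bookmarked login page leaves nothing usable saved: fall back to the welcome page.
        boolean usable = savedRequest != null && !savedRequest.equals(LOGIN) && !savedRequest.equals(ERROR);
        String target = usable ? savedRequest : WELCOME;
        savedRequest = null;
        return "redirect " + target;
    }

    public static void main(String[] args) {
        // Case 1: login page itself is covered by the constraint.
        System.out.println(new FormAuthModel(false).follow("/app/report", 10));
        // Case 2: login page exempt, flow started from a secured resource.
        FormAuthModel viaSecured = new FormAuthModel(true);
        System.out.println(viaSecured.follow("/app/report", 10) + " then " + viaSecured.login(true));
        // Case 3: login page exempt, user arrived from a bookmark.
        FormAuthModel bookmarked = new FormAuthModel(true);
        System.out.println(bookmarked.follow(LOGIN, 10) + " then " + bookmarked.login(true));
    }
}
```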

