DO NOT REPLY [Bug 45710] New: FormAuthenticator - Request Parameters are lost after authentication

Thu, 28 Aug 2008 19:48:53 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=45710

           Summary: FormAuthenticator -  Request Parameters are lost after
                    authentication
           Product: Tomcat 5
           Version: 5.5.25
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Catalina:Modules
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


We have two web applications, one running in Tomcat 5.0.30 (source) and the
other one running in Tomcat 5.5.25 (target).

The target application (uses JSP pages) running in Tomcat 5.5.25 uses Form
Based Authentication as Security Constraint for the web pages inside the
application.

The source application running in Tomcat 5.0.30 programmatically authenticates
the user and obtains a jsessionid. The jsessionid thus obtained is sent to the
target web page along with other user defined parameters
(parm1=value&parm2=value) using response.sendRedirect().

But, the target page (running in Tomcat 5.5.25) never receives the user defined
parameters, leading to incorrect URL apparently causing the Page Not found
error.

Please note that the difference in Tomcat versions does not have anything to do
with the problem. Even, when I had both the applications (contexts) running in
the same server, I saw the Page Not Found error.

Note : I have the SSO turned on in my tomcat server(hosting target
application).

Steps to create the issue:
-------------------------

1) Create a sample JSP page in one Context that programmatically authenticates
the other application running in same server.

2) Once the jsessionid value is retrieved. Form the URL say

http://localhost:8080/myapp2/Controller;jsessionid=164037ED017BDA8818ACBF930B6AD92F?view=myPage2.jsp&parm1=value1&parm2=value2

where Controller is the servlet that directs request to the JSP page.

3) In the target server, create a JSP page (myPage2.jsp) that will simply call
the request.getParameter() to print the parameter values.

I get null as the parameter value.

Please let me know if you need more information. I turned on the log level as
debug for Catalina Core packages and I see the RequestDumper valve do print the
queryString that contains parameter values while when it gets down to the
Filter/Servlet, the queryString contains only the target page (i.e.
view=myPage2.jsp) and not the parameter values


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to