https://issues.apache.org/bugzilla/show_bug.cgi?id=46509

           Summary: Tomcat 5.5 security example gives j_security_check not
                    available
           Product: Tomcat 5
           Version: 5.5.26
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Webapps:Examples
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: curu...@googlemail.com


The problem happens when using the security example (jsp-examples/security/) in
Tomcat 5.5.

If the user enters their password incorrectly they are redirected to error.jsp,
which has a link back to login.jsp. If you use this link and log in with the
correct credentials, login.jsp is reloaded. If you try to log in a 2nd time with
the correct credentials you receive an error "The requested resource
(/jsp-examples/security/protected/j_security_check) is not available."

The problem is pretty simple. Since login.jsp, index.jsp and error.jsp are all
in a secure realm, using the link in error.jsp to reach login.jsp triggers
authentication, which brings up login.jsp as this is specified as
<form-login-page> in web.xml.

When the user is authenticated they are taken to the page in the realm they
requested, which in this case is login.jsp. When they try to log in for the 2nd
time they get the error because they have already been authenticated and they
are trying to load j_security_check (loading index.jsp proves they are logged
in).

This fixes it:

In /jsp-examples/security/protected/error.jsp

Change:
<a href='<%= response.encodeURL("login.jsp") %>'>again</a>.

To:
<a href='<%= response.encodeURL("/") %>'>again</a>.

Only checked on Windows and Linux, but since Tomcat is doing what it's supposed
to do, I imagine the example exhibits this behaviour on all platforms.
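
The sequence described in this report, replayed against a simplified model of container-managed FORM login. This is an added example, not part of the original report and not Tomcat code; the Container class, the sample credentials, the 400 response for a login with no saved request, and the use of index.jsp as a stand-in for the corrected link target are assumptions.

```python
# Simplified model of servlet FORM authentication as described in the report.
# Constructed for illustration: paths, credentials and status handling are
# assumptions of this model, not Tomcat source code.
PROTECTED = "/jsp-examples/security/protected/"
PAGES = {PROTECTED + p for p in ("index.jsp", "login.jsp", "error.jsp")}
USERS = {"tomcat": "tomcat"}  # constructed sample credentials


class Container:
    def __init__(self):
        self.user = None    # authenticated principal for this session
        self.saved = None   # protected URL requested before login

    def request(self, path, username=None, password=None):
        """Return (status, page_or_location) for one request in the session."""
        if self.user is None and path.endswith("/j_security_check"):
            if username not in USERS or USERS[username] != password:
                return 200, "error.jsp"        # form-error-page
            self.user = username
            if self.saved is None:             # model choice: nothing to resume
                return 400, "no saved request"
            return 302, self.saved             # back to the saved request
        if self.user is None:
            self.saved = path                  # remember the original target
            return 200, "login.jsp"            # form-login-page
        # Already authenticated: the request goes to normal resource lookup,
        # and j_security_check is not a real resource in the webapp.
        if path in PAGES:
            return 200, path.rsplit("/", 1)[1]
        return 404, "The requested resource (%s) is not available." % path


def replay(retry_target):
    """Replay the reported steps; retry_target is the page error.jsp links to."""
    c, check = Container(), PROTECTED + "j_security_check"
    c.request(PROTECTED + "index.jsp")               # shown the login form
    c.request(check, "tomcat", "wrong")              # shown error.jsp
    c.request(PROTECTED + retry_target)              # follow the "again" link
    _, location = c.request(check, "tomcat", "tomcat")
    status, page = c.request(location)               # browser follows redirect
    if page != "login.jsp":
        return status, page                          # user lands on content
    return c.request(check, "tomcat", "tomcat")      # user submits the form again
```

replay("login.jsp") ends in the 404 from the report because the saved request is the login form itself; replay("index.jsp") ends on the protected page after a single login.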

