Tomcat - Invalid Direct Reference To Login Page ( Workaround help )

Discussion in 'Java' started by Ben Jessel, Jul 21, 2003.

  1. Ben Jessel

    Ben Jessel Guest

    Hi,

    I'm really happy that the "Invalid Direct Reference To Login Page" has
    finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
    cannot recompile the app-server as it is a managed resource ) , and
    the requirement to have a login box included in each page via a panel
    is still there.

    I've been looking for a workaround. According to the FormAuthenicator
    Tomcat code, if the requestURI in the request is NULL, then the
    "Invalid Direct Reference To Login Page" error is thrown.

    I've written a proxy servlet called LoginProxy. Its job was to alter
    the requestURI in the request object before posting to the
    j_security_check target.

    My login form would post to something like:

    LoginProxy?j_username=my&j_password=test&j_forward_uri=/index.jsp

    Great, apart from one small problem - HttpServletRequest is READ ONLY.
    Damn. I had a look at the actual class heirarchy, and found that
    HttpServletRequestFacade was the class that implemented
    HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
    code, as long as it doesn't involve changing Tomcat itself. ).
    HttpServletRequestFacade extends HttpServletRequestImpl, which
    implements HttpRequest. HttpRequest does have write access, however
    the code:
    ( ( HttpRequest ) a_Request ).setRequestURI( sForward )
    gives a ClassCastException.

    My other thought, was - if I just do a sendRedirect ( I was using
    forward before ), won't the requestURI be the url of the LoginConfig
    servlet.... I could cope with tomcat forwarding me back to the
    servlet, I'd just have to add some extra logic. Alas, the request
    still retains the null indicating to requestURI.

    Can someone tell me how I can modify the request object, or even
    create a new one?

    Thanks

    Ben
     
    Ben Jessel, Jul 21, 2003
    #1
    1. Advertising

  2. "Ben Jessel" <> wrote in message
    news:...
    > Hi,
    >
    > I'm really happy that the "Invalid Direct Reference To Login Page" has
    > finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
    > cannot recompile the app-server as it is a managed resource ) , and
    > the requirement to have a login box included in each page via a panel
    > is still there.
    >
    > I've been looking for a workaround. According to the FormAuthenicator
    > Tomcat code, if the requestURI in the request is NULL, then the
    > "Invalid Direct Reference To Login Page" error is thrown.
    >
    > I've written a proxy servlet called LoginProxy. Its job was to alter
    > the requestURI in the request object before posting to the
    > j_security_check target.
    >
    > My login form would post to something like:
    >
    > LoginProxy?j_username=my&j_password=test&j_forward_uri=/index.jsp
    >
    > Great, apart from one small problem - HttpServletRequest is READ ONLY.
    > Damn. I had a look at the actual class heirarchy, and found that
    > HttpServletRequestFacade was the class that implemented
    > HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
    > code, as long as it doesn't involve changing Tomcat itself. ).
    > HttpServletRequestFacade extends HttpServletRequestImpl, which
    > implements HttpRequest. HttpRequest does have write access, however
    > the code:
    > ( ( HttpRequest ) a_Request ).setRequestURI( sForward )
    > gives a ClassCastException.
    >
    > My other thought, was - if I just do a sendRedirect ( I was using
    > forward before ), won't the requestURI be the url of the LoginConfig
    > servlet.... I could cope with tomcat forwarding me back to the
    > servlet, I'd just have to add some extra logic. Alas, the request
    > still retains the null indicating to requestURI.
    >
    > Can someone tell me how I can modify the request object, or even
    > create a new one?


    It looks to me like HttpServletRequestWrapper is provided for that
    purpose. By extending it you can create a modified request object.

    Bill




    ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
     
    William Brogden, Jul 21, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mavrick
    Replies:
    0
    Views:
    379
    Mavrick
    Jan 8, 2006
  2. Philip Ronan
    Replies:
    2
    Views:
    4,653
  3. jobs
    Replies:
    4
    Views:
    710
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Jun 24, 2007
  4. Shannon

    login page stays on login page

    Shannon, Jan 9, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    552
    Shannon
    Jan 9, 2008
  5. Billy Zhang
    Replies:
    3
    Views:
    574
    jacerhea
    Nov 12, 2008
Loading...

Share This Page