B
Ben Jessel
Hi,
I'm really happy that the "Invalid Direct Reference To Login Page" has
finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
cannot recompile the app-server as it is a managed resource ) , and
the requirement to have a login box included in each page via a panel
is still there.
I've been looking for a workaround. According to the FormAuthenicator
Tomcat code, if the requestURI in the request is NULL, then the
"Invalid Direct Reference To Login Page" error is thrown.
I've written a proxy servlet called LoginProxy. Its job was to alter
the requestURI in the request object before posting to the
j_security_check target.
My login form would post to something like:
LoginProxy?j_username=my&j_password=test&j_forward_uri=/index.jsp
Great, apart from one small problem - HttpServletRequest is READ ONLY.
Damn. I had a look at the actual class heirarchy, and found that
HttpServletRequestFacade was the class that implemented
HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
code, as long as it doesn't involve changing Tomcat itself. ).
HttpServletRequestFacade extends HttpServletRequestImpl, which
implements HttpRequest. HttpRequest does have write access, however
the code:
( ( HttpRequest ) a_Request ).setRequestURI( sForward )
gives a ClassCastException.
My other thought, was - if I just do a sendRedirect ( I was using
forward before ), won't the requestURI be the url of the LoginConfig
servlet.... I could cope with tomcat forwarding me back to the
servlet, I'd just have to add some extra logic. Alas, the request
still retains the null indicating to requestURI.
Can someone tell me how I can modify the request object, or even
create a new one?
Thanks
Ben
I'm really happy that the "Invalid Direct Reference To Login Page" has
finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
cannot recompile the app-server as it is a managed resource ) , and
the requirement to have a login box included in each page via a panel
is still there.
I've been looking for a workaround. According to the FormAuthenicator
Tomcat code, if the requestURI in the request is NULL, then the
"Invalid Direct Reference To Login Page" error is thrown.
I've written a proxy servlet called LoginProxy. Its job was to alter
the requestURI in the request object before posting to the
j_security_check target.
My login form would post to something like:
LoginProxy?j_username=my&j_password=test&j_forward_uri=/index.jsp
Great, apart from one small problem - HttpServletRequest is READ ONLY.
Damn. I had a look at the actual class heirarchy, and found that
HttpServletRequestFacade was the class that implemented
HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
code, as long as it doesn't involve changing Tomcat itself. ).
HttpServletRequestFacade extends HttpServletRequestImpl, which
implements HttpRequest. HttpRequest does have write access, however
the code:
( ( HttpRequest ) a_Request ).setRequestURI( sForward )
gives a ClassCastException.
My other thought, was - if I just do a sendRedirect ( I was using
forward before ), won't the requestURI be the url of the LoginConfig
servlet.... I could cope with tomcat forwarding me back to the
servlet, I'd just have to add some extra logic. Alas, the request
still retains the null indicating to requestURI.
Can someone tell me how I can modify the request object, or even
create a new one?
Thanks
Ben