Skip to main content

[webtier] Re: URL Redirects Not Working on v2.1 b60e

1 reply [Last post]

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

Hi Burak,

thanks for sending your WAR file!

I was able to reproduce the issue.

Here is what is happening:

The FORM authenticator in GlassFish stores all aspects of
the request that triggered authentication, including the request path
(in your case: /LdapSecurity/secured/secret.html), in a new HTTP session,
restores this information from the session once authentication has
succeeded, and issues a redirect to the restored request path.

Since your webapp has disabled cookies in its sun-web.xml:

the container does not return the JSESSIONID of the new session in a
response cookie to the browser. When the browser submits the
j_security_check request, it does not include any JSESSIONID cookie
(since it was never given any). Also, the j_security_check request
does not have any JSESSIONID encoded in it. Therefore, the container's
FORM authenticator is unable to restore the original request path, and
issues a redirect to the context root (which is mapped to your
index.jsp): What else could it do!

I was able to correct the issue after enabling cookies in your webapp:



On 02/11/09 10:16, Jan Luehe wrote:
> I've asked bsevindi to provide me with his WAR file, so I can try to
> reproduce the issue.
> Will update this forum when I know more.
> Jan
> On 02/11/09 00:12, wrote:
>> Hello, Jan
>> You are right, I forgot to declare the admin role in web.xml, but I
>> am sure it works as is.
>> Also, I have enabled the "Default security role mapping" feature so I
>> did not need to add a security-role-mapping element to sun-web.xml.
>> [Message sent by forum member 'bsevindi' (bsevindi)]
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail: