Skip to main content

[webtier] Re: URL Redirects Not Working on v2.1 b60e

1 reply [Last post]
Anonymous

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

Hi Burak,

thanks for sending your WAR file!

I was able to reproduce the issue.

Here is what is happening:

The FORM authenticator in GlassFish stores all aspects of
the request that triggered authentication, including the request path
(in your case: /LdapSecurity/secured/secret.html), in a new HTTP session,
restores this information from the session once authentication has
succeeded, and issues a redirect to the restored request path.

Since your webapp has disabled cookies in its sun-web.xml:

the container does not return the JSESSIONID of the new session in a
response cookie to the browser. When the browser submits the
j_security_check request, it does not include any JSESSIONID cookie
(since it was never given any). Also, the j_security_check request
does not have any JSESSIONID encoded in it. Therefore, the container's
FORM authenticator is unable to restore the original request path, and
issues a redirect to the context root (which is mapped to your
index.jsp): What else could it do!

I was able to correct the issue after enabling cookies in your webapp:

Thanks,

Jan

On 02/11/09 10:16, Jan Luehe wrote:
> I've asked bsevindi to provide me with his WAR file, so I can try to
> reproduce the issue.
> Will update this forum when I know more.
>
> Jan
>
> On 02/11/09 00:12, glassfish@javadesktop.org wrote:
>> Hello, Jan
>>
>> You are right, I forgot to declare the admin role in web.xml, but I
>> am sure it works as is.
>> Also, I have enabled the "Default security role mapping" feature so I
>> did not need to add a security-role-mapping element to sun-web.xml.
>> [Message sent by forum member 'bsevindi' (bsevindi)]
>>
>> http://forums.java.net/jive/thread.jspa?messageID=331206
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
>> For additional commands, e-mail: users-help@glassfish.dev.java.net
>>
>>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net