Skip to main content

[webtier] Re: Pass username from custom realm to error page

1 reply [Last post]
Anonymous

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Jan Luehe

Hi Jason,

On 06/ 4/09 02:31 AM, JasDA@web.de wrote:
> Hi,
>
> at the moment we are trying to get our old Tomcat 5 applications to work in Glassfish v2. I've implemented a custom realm for authentication and it works fine. But I have the following problem:
> If a user enters a wrong password the user will be redirected to an error page:
>
>
> FORM
> iods9Realm
>
>
/login.jsp >
/loginError.do >
>

>
> As you can see we're using Struts (I guess it's V1.x). My action looks like this:
>
> public void doExecute(ActionContext ctx) throws Exception
> {
> String text = "";
> if (ctx.request().getParameter("loginTimeout") != null)
> {
> .......
> }
> else
> {
> String userName = ctx.request().getParameter("j_username");
> .....
> }
> ctx.forwardByName("loginPage");
> }
>
> In our tomcat environment all parameters (j_username, ...) were available in this action. Now in our glassfish environment the parameters map is empty so I can't get the username. Is there any chance to geht the username? Perhaps it is possible to access the request from my custom realm that extends the IASRealm?
>

Sorry for the late response!

What you are seeing is a side-effect of the fix for

https://glassfish.dev.java.net/issues/show_bug.cgi?id=3374
(FORM authenticator should issue a redirect (instead of a request dispatch
"forward") to the login page)

in GlassFish.

Note that Tomcat unconditionally uses a forward dispatch to the error
page. Forward dispatches are required to aggregate any query params,
meaning that in case of an authentication error, the "j_username" and
"j_password" form parameters will be accessible by the error page.

However, GlassFish will issue a redirect (instead of a forward
dispatch) to the error page under the conditions described in the
above issue tracker link. In this case, any of the form params
submitted to the "j_security_check" action will be lost, unless they
are explicitly appended (by the FORM authenticator) to the redirect
target (the error page). I'm not sure appending the "j_password" param
would be a good idea, but we should definitely append the
"j_username" param when issuing a redirect to the error page.

I've been able to verify that this would fix the issue you ran into.

Would you mind filing an issue against the "webcontainer" category
in the GlassFish issue tracker
(https://glassfish.dev.java.net/servlets/ProjectIssues)?

Regards,

Jan

> Regards,
> Jason
> __________________________________________________________
> WEB.DE FreeDSL mit DSL 6.000 Flatrate und Telefonanschluss
> für 17,95 Euro/mtl.!* http://produkte.web.de/go/02/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: webtier-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: webtier-help@glassfish.dev.java.net