users@glassfish.java.net

Re: Form based login anomalty

From: <Jan.Luehe_at_Sun.COM>
Date: Fri, 21 Mar 2008 15:30:32 -0700

HAcland wrote:

>Dear all,
>
>After setting up form based login I have noticed that if a user goes
>directly to the login page URL (ie. without first attempting to access a
>restricted page) then after loging in he is then presented with the
>file/directory list produced by glassfish.
>
>Only when the user first tries to access a restricted page, is then
>redirected to the login screen, does it then forward him to the requested
>restricted page.
>
>

I don't consider the existing behaviour an anomaly:
Where do you expect to be redirected to if you access the
login page directly and have been authenticated successfully?

Please see my evaluation of, and fix for:

  https://glassfish.dev.java.net/issues/show_bug.cgi?id=1933

which introduced the behaviour you are seeing:

  Since there is no way for the container to determine any "original" request URI
  to which to redirect the request in this scenario, it can only redirect the
  request to

    req.getContextPath() + "/"

  where "req" is the HttpServletRequest that carried the j_security_check, and
  have the welcome page mechanism take it from there.


Hope this helps.


Jan

>How can I overcome this so that if the user does go direct to the login page
>he is then sent onwards to a "welcome to the restricted area" page?
>
>Many thanks
>Hugh
>
>