My web project's structure is like this:
META-INF
|---MANIFEST.MF
secured
|---secret.html
WEB-INF
|---sun-web.xml
|---web.xml
index.html
login.jsp
login.jsp contains a j_security_check form.
index.jsp has just a link to secret.html.
secret.html has some static content.
The content of web.xml is as follows:
<web-app>
  <display-name>LdapSecurity</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <display-name>Private</display-name>
    <web-resource-collection>
      <web-resource-name>secret</web-resource-name>
      <description></description>
      <url-pattern>/secured/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description></description>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldap-realm</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
The content of sun-web.xml is as follows:
<sun-web-app error-url="">
  <context-root>/LdapSecurity</context-root>
  <session-config>
    <session-properties>
      <property name="enableCookies" value="false"/>
      <property name="enableURLRewriting" value="true"/>
      <property name="timeout-in-seconds" value="600"/>
    </session-properties>
  </session-config>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
When I run this app, index.jsp is displayed. Then I click the link which points to secret.html, but because I am not authenticated yet, I am redirected to the login page. There I log in. But instead of secret.html I am redirected to the root of the web app with the following URL:
http://localhost:8080/LdapSecurity/;jsessionid=144b0b00a46bda55c961021
So the index.jsp displays again. And when I click the link to secret.html I am redirected to the login page again, although I was logged in.
[Message sent by forum member 'bsevindi' (bsevindi)]
http://forums.java.net/jive/thread.jspa?messageID=330250
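
Added example (not part of the original post, and not the poster's or GlassFish's code): a small descriptor check that reads trimmed copies of the web.xml and sun-web.xml quoted above and reports what they imply for HTTP method coverage and session tracking. The function names and report wording are hypothetical, and it assumes descriptors without an XML namespace, as quoted in the post.

```python
import xml.etree.ElementTree as ET

# Constructed input: trimmed copies of the two descriptors quoted in the post.
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/secured/*</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
   <http-method>HEAD</http-method><http-method>PUT</http-method>
   <http-method>OPTIONS</http-method><http-method>TRACE</http-method>
   <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
 </security-constraint>
 <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
SUN_WEB_XML = """<sun-web-app><session-config><session-properties>
 <property name="enableCookies" value="false"/>
 <property name="enableURLRewriting" value="true"/>
</session-properties></session-config></sun-web-app>"""


def session_tracking(sun_web_xml):
    """Return 'url', 'cookie', 'both', 'none' or 'unspecified'."""
    props = {p.get("name"): (p.get("value") or "").lower()
             for p in ET.fromstring(sun_web_xml).iter("property")}
    cookies, rewrite = props.get("enableCookies"), props.get("enableURLRewriting")
    if cookies is None or rewrite is None:
        return "unspecified"  # container defaults apply; not guessed here
    return {("true", "true"): "both", ("true", "false"): "cookie",
            ("false", "true"): "url"}.get((cookies, rewrite), "none")


def audit(web_xml, sun_web_xml):
    """Return a list of findings (hypothetical report format)."""
    findings = []
    for coll in ET.fromstring(web_xml).iter("web-resource-collection"):
        patterns = [(u.text or "").strip() for u in coll.iter("url-pattern")]
        methods = sorted((m.text or "").strip().upper() for m in coll.iter("http-method"))
        if methods:
            # Listing http-method elements limits the constraint to those methods.
            findings.append(f"{', '.join(patterns)}: constraint covers only "
                            f"{', '.join(methods)}; other methods are not covered")
    if session_tracking(sun_web_xml) == "url":
        findings.append("session id travels in the URL (;jsessionid=...): every link "
                        "and form action must go through response.encodeURL()")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, SUN_WEB_XML)))
```

With cookies disabled, a session id that appears in URLs also ends up in server logs, browser history and Referer headers, which is worth weighing for a protected area such as /secured/*.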