Hi Burak,

thanks for sending your WAR file!
I was able to reproduce the issue.

Here is what is happening:

The FORM authenticator in GlassFish stores all aspects of
the request that triggered authentication, including the request path
(in your case: /LdapSecurity/secured/secret.html), in a new HTTP session,
restores this information from the session once authentication has
succeeded, and issues a redirect to the restored request path.

Since your webapp has disabled cookies in its sun-web.xml:

    <property name="enableCookies" value="false"/>

the container does not return the JSESSIONID of the new session in a
response cookie to the browser. When the browser submits the
j_security_check request, it does not include any JSESSIONID cookie
(since it was never given any). Also, the j_security_check request
does not have any JSESSIONID encoded in it. Therefore, the container's
FORM authenticator is unable to restore the original request path, and
issues a redirect to the context root (which is mapped to your
index.jsp): What else could it do!

I was able to correct the issue after enabling cookies in your webapp:

    <property name="enableCookies" value="true"/>

Thanks,

Jan

On 02/11/09 10:16, Jan Luehe wrote:
> I've asked bsevindi to provide me with his WAR file, so I can try to
> reproduce the issue.
> Will update this forum when I know more.
>
> Jan
>
> On 02/11/09 00:12, glassfish_at_javadesktop.org wrote:
>> Hello, Jan
>>
>> You are right, I forgot to declare the admin role in web.xml, but I
>> am sure it works as is.
>> Also, I have enabled the "Default security role mapping" feature so I
>> did not need to add a security-role-mapping element to sun-web.xml.
>> [Message sent by forum member 'bsevindi' (bsevindi)]
>>
>> http://forums.java.net/jive/thread.jspa?messageID=331206
>>
>
>
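
The saved-request flow Jan describes at the top of this message, as an added example that is not part of the original thread and is not GlassFish code. It is a simplified Python model: the `Container` class, the `login` helper, the session ID format and the `/LdapSecurity/` context root (inferred from the request path) are assumptions, and the `encode_url` case assumes the login form action is rewritten the way `response.encodeURL()` would rewrite it.

```python
# Simplified model of FORM login with a saved request; not GlassFish code.
# Container, login() and the "S<n>" session ids are hypothetical.
import itertools

CONTEXT_ROOT = "/LdapSecurity/"                  # assumed from the request path
PROTECTED = "/LdapSecurity/secured/secret.html"  # path quoted in the message


class Container:
    def __init__(self, enable_cookies):
        self.enable_cookies = enable_cookies
        self.sessions = {}                       # session id -> saved request path
        self._ids = (f"S{n}" for n in itertools.count(1))

    def request_protected(self, path):
        """Unauthenticated hit on a protected path: save it in a new session."""
        sid = next(self._ids)
        self.sessions[sid] = path
        # The session id reaches the browser as a cookie only if cookies are on.
        cookie = sid if self.enable_cookies else None
        return sid, cookie

    def j_security_check(self, url, cookie=None):
        """Credentials accepted: redirect to the saved path if it can be found."""
        # The session id comes from the cookie or from ";jsessionid=" in the URL.
        _, _, url_sid = url.partition(";jsessionid=")
        sid = cookie or url_sid or None
        # No session id means no saved request, so fall back to the context root.
        return self.sessions.pop(sid, CONTEXT_ROOT)


def login(enable_cookies, encode_url=False):
    """Run one login round trip and return the post-login redirect target."""
    container = Container(enable_cookies)
    sid, cookie = container.request_protected(PROTECTED)
    action = CONTEXT_ROOT + "j_security_check"
    if encode_url:                               # models response.encodeURL()
        action += f";jsessionid={sid}"
    return container.j_security_check(action, cookie)


if __name__ == "__main__":
    print("cookies on:              ", login(True))
    print("cookies off, plain form: ", login(False))
    print("cookies off, encoded URL:", login(False, encode_url=True))
```

Carrying the session ID in the URL exposes it in access logs, browser history and Referer headers, so enabling cookies, as in the fix above, is the safer way to keep the saved request reachable.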