stackoom
  简体   繁体   中英

How can I invalidate and login using realm login-config in tomcat

 原文  2013-07-09 02:32:59       java/ tomcat/ login

Question

I have a realm and a login page /login that provides the form for logging into the realm. I would like a user to be able to navigate to the login page directly and log-in for the first time causing a redirect to the home page of the app, or log in as a new user (or the same user) which also sends them to the home page of the app. There are two problems here:

1) If a user logged-in travels to the login page directly and attempts to login as another user, I get a 404 error The requested resource (/myapp/j_security_check) is not available.

2) If a user logs in for the first time I get an error 400 saying The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

Is it possible to use the login form in the way I describe or will I have to manually log them in with a second login page through a servlet? If I have to create my own, how can I log them in so that tomcat continues to manage the authentication (I would keep the login-config form for cases when a user tries to access a restricted page without logging in)?

1 answers

solution1
 0  2013-07-09 21:31:11

I found that it is not possible to use the <login-config> form in this way. However, the servlet 3.0 spec has given us access to a few helpful functions that allow you to write your own servlet that can log a user in. HttpServletRequest#login and HttpServletRequest#logout let you log a user in an out of the realm associated with the servlet context. Further, you can check if a user is logged into the realm by checking the user principal object with HttpServletRequest#getUserPrincipals .

I set up my custom login page using these functions in a servlet at the path /login and I also have a near identical servlet/jsp that the realm authenticator will forward to but the difference is that the form will submit to the j_security_check . There is probably a fancy way to reuse the first login servlet/jsp and just change the action attribute and fields in the form, but I'll leave that for another day.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How i convert login-config in web.xml to java class? Multiple login-config for Java webapp Wildfly digest login-config with database login module JavaEE: Login-config, different forms for different roles Java - JSP: Multiple login-config and auth-method jdbc realm, form-login-config, Tomcat and db connection error Tomcat Realm Authentication - After login Java, Realm, Tomcat, login. Passing errors through login-config to form-error-page with JBOSS how to modify the basic login authentification from tomcat with Realm?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM