8 Replies Latest reply on Mar 1, 2005 4:22 PM by ionel

    is j_uri exist in jboss???

    kenryu
    kenryu Oct 9, 2002 11:05 AM

      hi;
      in other container like resin you can redirect all request to one welcome page after you login using j_uri. Let's say if I have 2 pages within restricted directory called a.jsp and b.jsp.
      No matter what url you type (http://localhost:8080/loginTest/restricted/a.jsp or
      http://localhost:8080/loginTest/restricted/b.jsp) if you're not login yet then it'll go to one page, for example: welcome.jsp then in your j_uri in login page you put it as hidden input: http://localhost:8080/loginTest/restricted/welcome.jsp.
      Can we achieved this with Jboss? Does anybody have ever done this before? please reply.

      • 4980 Views
      • Tags:
        • 1. Re: is j_uri exist in jboss???
          sunnyyfl Feb 20, 2005 9:22 AM (in response to kenryu)

          Facing the same problem here. Trying to forward all success login to a specific welcome page after successful form login. Can this be done in JBoss/tomcat? Thank you.

            • Actions
          • 2. Re: is j_uri exist in jboss???
            starksm64
            starksm64 Feb 21, 2005 1:16 PM (in response to kenryu)

            No, j_uri is not a a standard property. The standard attributes included would be those of a forwarded request:

            javax.servlet.forward.request_uri=/jmx-console/
            javax.servlet.forward.context_path=/jmx-console
            javax.servlet.forward.servlet_path=/index.jsp

              • Actions
            • 3. Re: is j_uri exist in jboss???
              ionel Feb 26, 2005 7:11 AM (in response to kenryu)

              Hi Scott,

              I tried this trick :

              <form action='j_security_check' method='POST'>
<%request.setAttribute("javax.servlet.forward.request_uri", "/test-login/secured/index.jsp");%>
<%request.setAttribute("javax.servlet.forward.context_path", "/test-login");%>
<%request.setAttribute("javax.servlet.forward.servlet_path", "/secured/index.jsp");%>
u : <input type="text" name="j_username" size="40"></br>
p : <input type="text" name="j_password" size="40"></br>
<input type="submit" value="Login">
</form>

              in the login.jsp page (defined as the form-login-page).

              Logon process is sucessful but the request attributes I override are not used and I am still landing on the requested secured page instead of the secured welcome page.

              Am I missing something ?

              Thanks,
              ionel

                • Actions
              • 4. Re: is j_uri exist in jboss???
                starksm64
                starksm64 Feb 26, 2005 9:50 AM (in response to kenryu)

                All javax.servlet.forward.* attributes are set automatically when the web container forwards a request.

                  • Actions
                • 5. Re: is j_uri exist in jboss???
                  ionel Feb 26, 2005 12:32 PM (in response to kenryu)

                  Is there a way to bypass this in order to archieve the same functionnality than the unofficial j_uri parameter ?

                  Being a "man-in-the-middle" and forcing these attributes is useless ?

                  I tought this was the solution as I understood your answer from the 02/21.

                  Ionel

                    • Actions
                  • 6. Re: is j_uri exist in jboss???
                    starksm64
                    starksm64 Feb 27, 2005 10:07 PM (in response to kenryu)

                    It seems that the j_uri information is available in the existing javax.servlet.forward.* attributes so you'll have to describe what that won't work. You can create your own valvle to replace the default form authenticator to include your non-standard attributes.

                    http://www.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves

                      • Actions
                    • 7. Re: is j_uri exist in jboss???
                      ionel Feb 28, 2005 1:06 PM (in response to kenryu)

                      I tried j_uri set to :

                      - http://localhost:8080/test-login/secured/welcome.jsp
                      - /test-login/secured/welcome.jsp
                      - test-login/secured/welcome.jsp
                      - /secured/welcome.jsp
                      - secured/welcome.jsp
                      - /welcome.jsp
                      - welcome.jsp

                      but none of these worked.

                      I still land on the requested page.

                      I think I'll try to use a custom security valve.

                      Ionel

                        • Actions
                      • 8. Re: is j_uri exist in jboss???
                        ionel Mar 1, 2005 4:22 PM (in response to kenryu)

                        I did this valve

                        public class FormRedirectAuthenticator extends FormAuthenticator {

 public boolean authenticate(HttpRequest request, HttpResponse response,
 LoginConfig arg2) throws IOException {

 boolean formOk = super.authenticate(request, response, arg2);

 if (formOk) {
 System.out.println("Performing changes ...");
 request.setRequestURI("/test-login/secured/index.jsp");
 request.setContextPath("/test-login");
 request.setServletPath("/secured/index.jsp");
 }

 return formOk;
 }
}


                        Unfortunatly, I found no way to add it 'dynamicaly' to my exploded .war directory.

                        Two questions :
                        1/ may this valve worked if I find a way to add it ?
                        2/ how to add a Valve on a 'per-dynamic context' ?

                        Thanks,
                        Ionel

                        PS : sorry for this but I will cross-post on the tomcat forum

                          • Actions