8 Replies Latest reply on Mar 1, 2005 4:22 PM by ionel

    is j_uri exist in jboss???

    TJ Newbie

      hi;
      in other container like resin you can redirect all request to one welcome page after you login using j_uri. Let's say if I have 2 pages within restricted directory called a.jsp and b.jsp.
      No matter what url you type (http://localhost:8080/loginTest/restricted/a.jsp or
      http://localhost:8080/loginTest/restricted/b.jsp) if you're not login yet then it'll go to one page, for example: welcome.jsp then in your j_uri in login page you put it as hidden input: http://localhost:8080/loginTest/restricted/welcome.jsp.
      Can we achieved this with Jboss? Does anybody have ever done this before? please reply.

        • 1. Re: is j_uri exist in jboss???
          sunnyyfl Newbie

          Facing the same problem here. Trying to forward all success login to a specific welcome page after successful form login. Can this be done in JBoss/tomcat? Thank you.

          • 2. Re: is j_uri exist in jboss???
            Scott Stark Master

            No, j_uri is not a a standard property. The standard attributes included would be those of a forwarded request:

            javax.servlet.forward.request_uri=/jmx-console/
            javax.servlet.forward.context_path=/jmx-console
            javax.servlet.forward.servlet_path=/index.jsp

            • 3. Re: is j_uri exist in jboss???
              ionel Newbie

              Hi Scott,

              I tried this trick :

              <form action='j_security_check' method='POST'>
              <%request.setAttribute("javax.servlet.forward.request_uri", "/test-login/secured/index.jsp");%>
              <%request.setAttribute("javax.servlet.forward.context_path", "/test-login");%>
              <%request.setAttribute("javax.servlet.forward.servlet_path", "/secured/index.jsp");%>
              u : <input type="text" name="j_username" size="40"></br>
              p : <input type="text" name="j_password" size="40"></br>
              <input type="submit" value="Login">
              </form>

              in the login.jsp page (defined as the form-login-page).

              Logon process is sucessful but the request attributes I override are not used and I am still landing on the requested secured page instead of the secured welcome page.

              Am I missing something ?

              Thanks,
              ionel

              • 4. Re: is j_uri exist in jboss???
                Scott Stark Master

                All javax.servlet.forward.* attributes are set automatically when the web container forwards a request.

                • 5. Re: is j_uri exist in jboss???
                  ionel Newbie

                  Is there a way to bypass this in order to archieve the same functionnality than the unofficial j_uri parameter ?

                  Being a "man-in-the-middle" and forcing these attributes is useless ?

                  I tought this was the solution as I understood your answer from the 02/21.

                  Ionel

                  • 6. Re: is j_uri exist in jboss???
                    Scott Stark Master

                    It seems that the j_uri information is available in the existing javax.servlet.forward.* attributes so you'll have to describe what that won't work. You can create your own valvle to replace the default form authenticator to include your non-standard attributes.

                    http://www.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves

                    • 7. Re: is j_uri exist in jboss???
                      ionel Newbie

                      I tried j_uri set to :

                      - http://localhost:8080/test-login/secured/welcome.jsp
                      - /test-login/secured/welcome.jsp
                      - test-login/secured/welcome.jsp
                      - /secured/welcome.jsp
                      - secured/welcome.jsp
                      - /welcome.jsp
                      - welcome.jsp

                      but none of these worked.

                      I still land on the requested page.

                      I think I'll try to use a custom security valve.

                      Ionel

                      • 8. Re: is j_uri exist in jboss???
                        ionel Newbie

                        I did this valve

                        public class FormRedirectAuthenticator extends FormAuthenticator {
                        
                         public boolean authenticate(HttpRequest request, HttpResponse response,
                         LoginConfig arg2) throws IOException {
                        
                         boolean formOk = super.authenticate(request, response, arg2);
                        
                         if (formOk) {
                         System.out.println("Performing changes ...");
                         request.setRequestURI("/test-login/secured/index.jsp");
                         request.setContextPath("/test-login");
                         request.setServletPath("/secured/index.jsp");
                         }
                        
                         return formOk;
                         }
                        }


                        Unfortunatly, I found no way to add it 'dynamicaly' to my exploded .war directory.

                        Two questions :
                        1/ may this valve worked if I find a way to add it ?
                        2/ how to add a Valve on a 'per-dynamic context' ?

                        Thanks,
                        Ionel

                        PS : sorry for this but I will cross-post on the tomcat forum