2 Replies Latest reply on Jul 19, 2006 6:24 PM by James Rhodes

    Where is the destination url stored?

    James Rhodes Newbie

      I have an issue, similar to others here, where my default page is sometimes my login.html page. If this is the case, when I log into the web app, I get the 400 Invalid direct reference message because to j_security_check, the destination page is also the log in page. Here is my login-config section of web.xml
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>blah</realm-name>
      <form-login-config>
      <form-login-page>/common/login.html</form-login-page>
      <form-error-page>/common/loginerror.jsp</form-error-page>
      </form-login-config>

      </login-config>

      Where does JBoss store the URL it uses after a successful login? I want to check this to see it is set, in the case of someone bookmarking the login.html page, and if it is set to the login.html page explicitly. Can anyone help here?

        • 1. Re: Where is the destination url stored?
          James Rhodes Newbie

          Also,
          I'm using a custom DatabaseServerLoginModule. Is this best solution to just override the behavior and force my loginmodule to only redirect users to one place?

          Thanks!

          B

          • 2. Re: Where is the destination url stored?
            James Rhodes Newbie

            Never mind. I wrote some code to dump all the request attributes and headers and found it:
            javax.servlet.forward.request_uri
            javax.servlet.forward.context_path
            javax.servlet.forward.servlet.path

            I now see the problem. My site is secured on roles that correspond to directories. If the user just bookmarks my login.jsp or login.html page, I would have to have a way to know what their role is even if I could alter these request attributes. The real solution will be to dump them to an intermediate page that makes them click on a link appropriate from their role. Then the container should have no problems.