search

ratcashdev / authenticroast

Automatically exported from code.google.com/p/authenticroast
1 stars 0 forks source link

FormAuthenticator uses redirect, should use forward? #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The FormAuthenticator uses a redirect rather than a forward to show the login 
page. In my system (TC 6.0.26) this caused a redirection loop. The Tomcat 
FormAuthenticator uses forward() for this purpose, which seems to work. Code 
change required is in AuthenticationManagerBase:

            // Modified EJP 9 November 2010 to match Tomcat's FormAuthenticator.
//            authRequest.getHttpServletResponse().sendRedirect(
//                    context + path);
            RequestDispatcher disp = authRequest
                .getServletContext()
                .getRequestDispatcher(context+path);
            disp.forward(authRequest.getHttpServletRequest(), authRequest.getHttpServletResponse());
            authRequest.getHttpServletResponse().flushBuffer();
            // end EJP

plus suitable imports.

Original issue reported on code.google.com by EsmondP...@gmail.com on 9 Nov 2010 at 11:35

GoogleCodeExporter commented 9 years ago 
(context+path) should be just (path)

Original comment by EsmondP...@gmail.com on 15 Nov 2010 at 2:27

GoogleCodeExporter commented 9 years ago 
Close. The problem was caused by access control on the login page, so a 
redirect/authenticate loop was created. Worth documenting this.

Original comment by EsmondP...@gmail.com on 15 Nov 2010 at 4:50

GoogleCodeExporter commented 9 years ago 
Created a aiki-page for common pitfalls.
:-)

Original comment by aike.som...@gmail.com on 15 Nov 2010 at 8:38