Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Tomcat - Invalid Direct Reference To Login Page ( Workaround help )

Reply
Thread Tools

Tomcat - Invalid Direct Reference To Login Page ( Workaround help )

 
 
Ben Jessel
Guest
Posts: n/a
 
      07-21-2003
Hi,

I'm really happy that the "Invalid Direct Reference To Login Page" has
finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
cannot recompile the app-server as it is a managed resource ) , and
the requirement to have a login box included in each page via a panel
is still there.

I've been looking for a workaround. According to the FormAuthenicator
Tomcat code, if the requestURI in the request is NULL, then the
"Invalid Direct Reference To Login Page" error is thrown.

I've written a proxy servlet called LoginProxy. Its job was to alter
the requestURI in the request object before posting to the
j_security_check target.

My login form would post to something like:

LoginProxy?j_username=my&j_password=test&j_forward _uri=/index.jsp

Great, apart from one small problem - HttpServletRequest is READ ONLY.
Damn. I had a look at the actual class heirarchy, and found that
HttpServletRequestFacade was the class that implemented
HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
code, as long as it doesn't involve changing Tomcat itself. ).
HttpServletRequestFacade extends HttpServletRequestImpl, which
implements HttpRequest. HttpRequest does have write access, however
the code:
( ( HttpRequest ) a_Request ).setRequestURI( sForward )
gives a ClassCastException.

My other thought, was - if I just do a sendRedirect ( I was using
forward before ), won't the requestURI be the url of the LoginConfig
servlet.... I could cope with tomcat forwarding me back to the
servlet, I'd just have to add some extra logic. Alas, the request
still retains the null indicating to requestURI.

Can someone tell me how I can modify the request object, or even
create a new one?

Thanks

Ben
 
Reply With Quote
 
 
 
 
William Brogden
Guest
Posts: n/a
 
      07-21-2003

"Ben Jessel" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi,
>
> I'm really happy that the "Invalid Direct Reference To Login Page" has
> finally been fixed. However I am stuck using Tomcat 4.0.x ( and I
> cannot recompile the app-server as it is a managed resource ) , and
> the requirement to have a login box included in each page via a panel
> is still there.
>
> I've been looking for a workaround. According to the FormAuthenicator
> Tomcat code, if the requestURI in the request is NULL, then the
> "Invalid Direct Reference To Login Page" error is thrown.
>
> I've written a proxy servlet called LoginProxy. Its job was to alter
> the requestURI in the request object before posting to the
> j_security_check target.
>
> My login form would post to something like:
>
> LoginProxy?j_username=my&j_password=test&j_forward _uri=/index.jsp
>
> Great, apart from one small problem - HttpServletRequest is READ ONLY.
> Damn. I had a look at the actual class heirarchy, and found that
> HttpServletRequestFacade was the class that implemented
> HttpServletRequest for Tomcat ( I am prepared write Tomcat specific
> code, as long as it doesn't involve changing Tomcat itself. ).
> HttpServletRequestFacade extends HttpServletRequestImpl, which
> implements HttpRequest. HttpRequest does have write access, however
> the code:
> ( ( HttpRequest ) a_Request ).setRequestURI( sForward )
> gives a ClassCastException.
>
> My other thought, was - if I just do a sendRedirect ( I was using
> forward before ), won't the requestURI be the url of the LoginConfig
> servlet.... I could cope with tomcat forwarding me back to the
> servlet, I'd just have to add some extra logic. Alas, the request
> still retains the null indicating to requestURI.
>
> Can someone tell me how I can modify the request object, or even
> create a new one?


It looks to me like HttpServletRequestWrapper is provided for that
purpose. By extending it you can create a modified request object.

Bill




----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
When session is invalid, how to redirect user to the login page Billy Zhang ASP .Net 3 11-12-2008 04:14 AM
login page stays on login page Shannon ASP .Net 2 01-09-2008 10:51 PM
Membership Security 403 - how to direct to Custom page instead of Login page jobs ASP .Net 4 06-24-2007 03:42 PM
Missing Text When Printing Page With <iframe> Using Verticle Scroll.... Is There A Workaround??? Philip Ronan HTML 2 01-31-2006 03:07 PM
Login Box on the front page when using Tomcat Ben Jessel Java 0 07-25-2003 10:44 AM



Advertisments