Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

j_security_check redirect

Tags:

java

servlets

j-security-check

I am learning Java servlets on Tomcat environment. I am learning how to use form based login authentication using j_security_check. So, in my servlet, I have a login page that has j_username and j_password. In web.xml file of that servlet, I have the welcome page list indicating my landing page, "landing.html". So, ideally, after successful login, I want the user to get redirected to "landing.html" page.

Without the authentication (no form based authentication), My servlet opens up and goes to "landing.html" page as expected ("localhost:8080/MyServlet" - shows the content of the landing.html).

However, now, after a successful login with j_security_check, for some reason, I get automatically redirected to the .css file for "landing.html" file. I can't understand why is this happening.

Is there a particular way how I can tell the server to just load the "landing.html" page after successful authentication and not forward it to any where else?

EDIT

*Okay, I solved it. The css file which was loading after successful authentication was listed within the <head></head> tags of the login.html page where the j_username and j_password are. I added that css file to make the login page's design consist with the rest of the website. My guess is that when the server is re-loading the wanted resource, for some reason it was simply re-loading the top css file from the head tag. Really weird. So, is j_security_check is the best way to do any authentication for websites on Tomcat or is there a better and more reliable way?*

like image 646
BlueChips23 Avatar asked Mar 02 '12 05:03

BlueChips23

1 Answers

The behavior of form-based authentication is the following:

  • the browser sends a request to a protected URL
  • the server intercepts its request, sees that you're not authenticated, and redirects to the loginf form page
  • the user logs in
  • the server redirects to the URL that triggered the authentication: the protected URL asked in the first step.

This is good, because it allows a user to bookmark a protected page, come back the next day to this bookmarked page, log in, and go directly to the bookmarked page rather than the welcome page.

My guess is that the landing page is not protected, but its CSS file is. So the request that triggers the authenticationis the request that tries to load the CSS file, which causes the user to be redirected to the CSS file.

like image 133
JB Nizet Avatar answered Sep 29 '22 02:09

JB Nizet
Sign in to Comment

Related questions

SLF4J logging to file vs. DB vs. Solr
Why do we have to use an intermediary variable for @SuppressWarnings("unchecked")?
How to hide the default minimize/maximize and close buttons on JFrame window in Java?
How to keep a ScrollView to be scrolled to the Bottom?
Java - Typecasting from Java.lang.Object to an instance of a custom Class
why is this Spring AOP pointcut not triggered?
Card Game Player Class OOP Design
Writing a query with QueryDSL JPA with many to many mapping
Java SWT: widgetSelected vs widgetDefaultSelected
Drawing rectangle on a JPanel
How to choose between whitespace pattern?
JOptionPane vs. JDialog
"build.properties does not exist" error in MyEclipse
Java execute command line program
Magically call methods in Java
How to save state when extending UIComponentBase
Java Iterator Concurrency
how to access Enum fields in playframework template
Get all possible combinations of characters in an array
Is model driven architecture worth it and what is the state of the art in the tooling?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!