Dear all,

I'm implementing "remember me" login functionality using
FORM authentication, a LoginServlet and a Filter.
It's very much based on the code in an earlier posting to
this list

 From: Raible, Matt
 Subject: RE: Form based security and "Remember Me"
 Date: Fri, 21 Feb 2003 07:33:22 -0800

My set up works fine when my <FORM> uses "j_security_check" as it's
action but using a redirect from a servlet seems to fail with
a 403 error. I've debugged the servlet so I know it's getting
to it and doing what I expect.


In the original mail, Matt's servlet call is...

 - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 String username =
request.getParameter("j_username").toLowerCase();
 String password = request.getParameter("j_password");
 
 ...

 String req =
    "j_security_check?j_username=" +
     RequestUtils.encodeURL(username)
    + "&j_password=" +
     RequestUtils.encodeURL(password);

 response.sendRedirect(response.encodeRedirectURL(req));

 - - - - - - - - - - - - - - - - - - - - - - - - - -


I don't have the "RequestUtils.encodeURL()" in my version.

 a) Do I need them? - the html form seems for work
   even if the password field is plain text when the
   action is set to "j_security_check".
 b) Where do I get these methods? Aren't they somewhere
   in Struts? Do I really have to bring down all of that
   stuff?

For completeness here's my code...

 - - - - - - - - - - - - - - - - - - - - - - - - - -

    String req =
       "j_security_check?j_username=" +
     request.getParameter("j_username")
       + "&j_password=" +
     request.getParameter("j_password");
       
    response.sendRedirect(response.encodeRedirectURL(req));

 - - - - - - - - - - - - - - - - - - - - - - - - - -

Any help would be fantastic.


Best regards
Chris


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)