j_security_check重定向 [英] j_security_check redirect
问题描述
我正在学习Tomcat环境中的Java servlet。我正在学习如何使用j_security_check使用基于表单的登录身份验证。所以,在我的servlet中,我有一个具有j_username和j_password的登录页面。在该servlet的web.xml文件中,我有欢迎页面列表,指示我的登录页面landing.html。因此,理想情况下,在成功登录后,我希望用户被重定向到landing.html页面。
I am learning Java servlets on Tomcat environment. I am learning how to use form based login authentication using j_security_check. So, in my servlet, I have a login page that has j_username and j_password. In web.xml file of that servlet, I have the welcome page list indicating my landing page, "landing.html". So, ideally, after successful login, I want the user to get redirected to "landing.html" page.
没有身份验证(没有基于表单的身份验证),我的servlet打开并按预期转到landing.html页面(localhost:8080 / MyServlet - 显示landing.html的内容)。
Without the authentication (no form based authentication), My servlet opens up and goes to "landing.html" page as expected ("localhost:8080/MyServlet" - shows the content of the landing.html).
但是,现在在使用j_security_check成功登录后,由于某种原因,我会自动重定向到landing.html文件的.css文件。我不明白为什么会这样。
However, now, after a successful login with j_security_check, for some reason, I get automatically redirected to the .css file for "landing.html" file. I can't understand why is this happening.
我是否有一种特殊方式告诉服务器在成功验证后只加载landing.html页面而不将其转发到其他任何地方?
Is there a particular way how I can tell the server to just load the "landing.html" page after successful authentication and not forward it to any where else?
编辑
*好的,我解决了。
成功验证后加载的css文件列在login.html页面的< head>< / head> 标记中,其中j_username和j_password是。我添加了css文件,使登录页面的设计与网站的其余部分一致。我的猜测是,当服务器重新加载所需资源时,由于某种原因,它只是从头标记重新加载顶级css文件。
真的很奇怪。
那么,j_security_check是对Tomcat上的网站进行任何身份验证的最佳方式还是有更好更可靠的方式?*
*Okay, I solved it.
The css file which was loading after successful authentication was listed within the <head></head> tags of the login.html page where the j_username and j_password are. I added that css file to make the login page's design consist with the rest of the website. My guess is that when the server is re-loading the wanted resource, for some reason it was simply re-loading the top css file from the head tag.
Really weird.
So, is j_security_check is the best way to do any authentication for websites on Tomcat or is there a better and more reliable way?*
推荐答案
基于表单的身份验证的行为如下:
The behavior of form-based authentication is the following:
- 浏览器向受保护的URL发送请求
- 服务器拦截其请求,发现您未经过身份验证,并重定向到loginf表单页面
- 用户登录
- 服务器重定向到触发身份验证的URL:第一步中询问受保护的URL。
- the browser sends a request to a protected URL
- the server intercepts its request, sees that you're not authenticated, and redirects to the loginf form page
- the user logs in
- the server redirects to the URL that triggered the authentication: the protected URL asked in the first step.
这很好,因为它允许用户为受保护的页面添加书签,第二天回到这个加入书签的页面,登录,然后直接进入书签页面而不是欢迎页面。
This is good, because it allows a user to bookmark a protected page, come back the next day to this bookmarked page, log in, and go directly to the bookmarked page rather than the welcome page.
我的猜测是着陆页不受保护,但其CSS文件是。因此,触发身份验证的请求是尝试加载CSS文件的请求,这会导致用户被重定向到CSS文件。
My guess is that the landing page is not protected, but its CSS file is. So the request that triggers the authenticationis the request that tries to load the CSS file, which causes the user to be redirected to the CSS file.
这篇关于j_security_check重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
