Disable redirection to the last available resource in the login form in Glassfish

I am going to rewrite my previous question.

Glassfish redirects after entering the form to the last available resource, how can I disable this?

Our problem is that we get 415 in FF and IE, because if I have a JSESSION cookie, Glassfish will be redirected to the last resource that I tried to access, but does not switch the content type from (x-form-urlencoded).

Pseudo example (requests - XMLHttpRequest of browsers):

GET /secure/resource1 (json) -> Response "you're not logged in."
GET /login.xhtml
POST /j_secure (x-form-urlencoded) -> New location /secure/resource1 (x-form-urlencoded)
GET /secure/resource1 (x-form-urlencoded) <- HTTP ERROR 415 content type not JSON.
+4
3 answers

You probably need to write a Filter to check and catch this case. I like this tutorial (hoping that the English translation is clear).

0
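One possible shape for the Filter suggested in the answer above, as an added example that is not part of the original answer or of the tutorial it links to: it hides a left-over form Content-Type on GET requests so the resource is not rejected with 415. The class names, the `/secure/*` mapping (taken from the question's pseudo example), the `javax.servlet` namespace and the full header value `application/x-www-form-urlencoded` are assumptions.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter (not from the original page). Mapping follows the question's
// pseudo example; the question abbreviates the header value as "x-form-urlencoded".
@WebFilter("/secure/*")
public class StaleContentTypeFilter implements Filter {
    private static final String FORM = "application/x-www-form-urlencoded";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String ct = http.getContentType();
        // A GET carries no form body, so a form Content-Type here is the redirect leftover.
        boolean stale = "GET".equals(http.getMethod())
                && ct != null && ct.regionMatches(true, 0, FORM, 0, FORM.length());
        chain.doFilter(stale ? new NoContentType(http) : req, res);
    }

    // Presents the same request with every view of the Content-Type header removed.
    static class NoContentType extends HttpServletRequestWrapper {
        NoContentType(HttpServletRequest r) { super(r); }
        private static boolean isCt(String n) { return "Content-Type".equalsIgnoreCase(n); }
        @Override public String getContentType() { return null; }
        @Override public String getHeader(String n) { return isCt(n) ? null : super.getHeader(n); }
        @Override public Enumeration<String> getHeaders(String n) {
            return isCt(n) ? Collections.<String>emptyEnumeration() : super.getHeaders(n);
        }
        @Override public Enumeration<String> getHeaderNames() {
            List<String> names = new ArrayList<>();
            for (String n : Collections.list(super.getHeaderNames())) if (!isCt(n)) names.add(n);
            return Collections.enumeration(names);
        }
    }
}
```

The filter only runs once the container has accepted the request as authenticated, so it does not change who can reach `/secure/*`; POST and PUT requests pass through untouched.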

In my opinion, it is better to use basic or digest authentication via SSL for RESTful services. Other options include credentials as part of the payload or the creation of a special login service that accepts credentials and returns a token. There are various reasons why form authentication is less suitable for a RESTful service: it requires a session, it does not use existing HTTP authorization, etc.
If you need to call RESTful services using AJAX, then using an authentication cookie may be a valid solution. It should only affect whether the user can make a call, but not how the server responds.

If you want to use forms-based authentication for your application, I would suggest adding an additional JAAS authentication provider that will handle RESTful service authentication. You can read about it here.

Another option, which should be simpler than JAAS, would be to use Spring Security or Apache Shiro instead of container-based validation. Here's an example of setting up form-based validation using Spring Security. This post shows an example of how to secure RESTful services with Spring Security.

0

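On the login page, reset the JSESSIONID cookie to prevent last-page redirection:

// login_form.jsp
// Replace the session cookie with an empty one that expires immediately.
Cookie jsess = new Cookie("JSESSIONID", null);
jsess.setMaxAge(0);
// The path must match the one the container used when it set the cookie.
jsess.setPath(pageContext.getServletContext().getContextPath());
response.addCookie(jsess);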

0
