Tomcat form authentication: log in from index page instead of login page

Question

I am using form based authentication so users have to log in to view certain protected pages. This is working fine, but I would like to be able to log in before trying to access any protected resources. When I place the form in my index.jsp page I get a "Invalid direct reference to form login page" error when logging in. My question: is it possible to log in directly from the index page (or any other page, before being redirected to the login page)?

Answer 1

It is possible, provided you use Tomcat version 7 or later.

With this version was added a landingPage attribute to the FormAuthenticator which should do what you want from the description :

Controls the behavior of the FORM authentication process if the process is misused, for >example by directly requesting the login page or delaying logging in for so long that the >session expires. If this attribute is set, rather than returning an error response code, >Tomcat will redirect the user to the specified landing page if the login form is >submitted with valid credentials.

see Tomcat 7 documentation.

To add that attribute, you will have to modify your <Context> to add, for example:

<Valve className="org.apache.catalina.authenticator.FormAuthenticator" landingPage="exemple.jsp" />

with exemple.jsp under a security-constraint.