Hi,
Suppose I've got a web based form that posts data to an action, and I
have that action protected by container form based authorization - how
does the ActionForm data get through.
I have a situation like this, and my ActionForm is empty after I've been
through the form-based login page.
One
Well I've just simplified by login form - plain html - no struts stuff
going on.
I've also simplified the filter so detects a fresh logon and starts a
session accordingly - no longer any redirecting to LoginAction.
However the critical behaviour is still the same - existingCustomerForm
At 1:59 PM + 3/26/04, Martin Alley wrote:
Well I've just simplified by login form - plain html - no struts stuff
going on.
I've also simplified the filter so detects a fresh logon and starts a
session accordingly - no longer any redirecting to LoginAction.
However the critical behaviour
Hi Joe,
I might be able to put some general code in the login form (as a jsp)
that puts all form data present in the previous page into the login form
so it could be passed on, but that will still leave the problem of the
method becomes GET instead of POST.
I'm really hoping there's a more
// save current URI as REDIRECT_URI in session
// redirect to login action
}
}
public class LoginAction extends Action {
public void execute(...) {
// do login
// login success
// redirect to REDIRECT_URI
I might be able to put some general code in the login form (as a jsp)
that puts all form data present in the previous page into the login form
so it could be passed on, but that will still leave the problem of the
method becomes GET instead of POST.
I'm really hoping there's a more elegant
Subject: RE: How does ActionForm data pass through container called form
based login page?
This is the only solution I can think of:
public class RedirectServletRequest extends HttpServletRequest {
public RedirectServletRequest(HttpServletRequest req) {
this.request = req
I think I need to do some simple test cases - with and without struts.
Martin
-Original Message-
From: Joe Germuska [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 15:20
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page
();
If ( !loggedIn ) {
// save all parameters to session
// save current URI as REDIRECT_URI in session
// redirect to login action
} else if ( redirectUriIsSet ) {
RedirectServletRequest newreq = new
RedirectServletRequest(request
I'll be very interested to here the outcome...
Thanks
Martin
-Original Message-
From: Pady Srinivasan [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 16:07
To: Struts Users Mailing List
Subject: RE: How does ActionForm data pass through container called form
based login page?
We were
I'm looking for examples or to be pointed in the right direction on how
to achieve the following.
I want my users to be able to access a mojority of my pages without having
to login, but if they select a specific page a small login pop-up window
would display which would require a valid user name
Hi,
You can consider the following ways:
1) You can associate an action class for the page that requires a username
and password. In that action class you can prompt for username and password.
Have a separate action class for the urls that doesn't require login.
2). Have a query string
]
Sent: Monday, March 22, 2004 1:35 PM
To: [EMAIL PROTECTED]
Subject: user login authentication and session timeout
I'm looking for examples or to be pointed in the right direction on how
to achieve the following.
I want my users to be able to access a mojority of my pages without having
to login
Hello everybody,
I am porting my application from Tomcat 4.1.29 to Tomcat 5.0.18.
I have a Struts ForwardAction mapped to /Login.do that produces the page
with login form.
Form based authentication is set with the following fragment of the
deployment descriptor:
login-config
auth-method FORM
I'm sorry to repost this question, but I wanted to add some more details:
I experimented by adding a test page to my protected directory that does not
use tiles. When I accessed that test page, got a 404: Page cannot be found.
So then I changed the following in my web.xml file from:
login
-data-constraint
/security-constraint
login-config
auth-methodFORM/auth-method
form-login-config
form-login-page.login/form-login-page
form-error-page.loginFailed/form-error-page
/form-login-config
/login-config
security-role
role-name
appAdmin
/role-name
Hi,
Can anyone help me how do I validate the login user session using struts
Plugin?.Explain me with examples as I am new to struts..
Thanks in Advance..
cheers
Sudhakar
DISCLAIMER:
This message (including attachment if any) is confidential and may be privileged.
Before opening
Hi,
There are many examples available on the web.
Try this http://struts.sourceforge.net/community/tutorials.html
If you mean Struts Validator plugin, I think login is not the best example
because Validator Plugins is about format of input .Validate a login
will generally access database to know
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins they will be unable to log in for a certain period of time
afterwards. I can count the number of unsuccessful logins ok but how I'm
not sure how
One idea
The third time the login fails, register the time for that user.
When a login gets executed, if the last registered time for the given user
is less than the time interval you want - the login always fails.
The user must have something like:
User : id || login | password
: Ciaran Hanley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: Login Security
I'm writing a web application using JSP and Struts. I want to add a
security feature to my login page where if a user has three unsuccessful
logins they will be unable
BDY.RTF
Description: RTF file
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
and comparing it to the current time.
That way, I wont be using cookies, and will avoid blocking IP address.
Does that sound ok?
Ciaran
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 16 December 2003 20:46
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Login
: Tuesday, December 16, 2003 3:43 PM
To: 'Struts Users Mailing List'
Subject: RE: Login Security
I am storing the username and password in a table in a mySql database.
I think I will just add a field last_failure to the user table... and
after 3 unsuccessful attempts I will record the time
Btw, remember to flush the map for that username when they are able to login
successfully.
-Original Message-
From: Hookom, Jacob [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 3:46 PM
To: Struts Users Mailing List
Subject: RE: Login Security
Do a HashMap in the action:
Key
:[EMAIL PROTECTED]
Sent: 16 December 2003 20:46
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Login Security
Avoid the cookie solution, it's too easy for the user to bypass your
security measures and as mentioned below, this solution won't work if
the browser has disabled cookies
[EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 10:46 PM
Subject: RE: Login Security
Do a HashMap in the action:
Key is username
Value is Integer or Date
If ((value = map.get(key)) != null)
{
if (value instanceof Date)
{
// compare timeout
Several organizations expose the same IP address for most or all users. You'd be
blocking entire organizations because of one bad login.
--- Janusz_DziadoƱ [EMAIL PROTECTED] wrote:
I think, that you should register blocked IP anyway in database. It helps to
explain situations like below
You could apply what I described by defining the key as username+@+ip
Good idea!
-Original Message-
From: Janusz Dziadon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 4:20 PM
To: Struts Users Mailing List
Subject: Re: Login Security
I think, that you should register
1. I was thinking on corporate solution, where any station has its own ip
(maybe from dhcp)
2. I suggested only to store IP, not to compare on next-login or permanent
block this IP. It is for future investigation only.
3. This organization may have been yet blocked because when has common
acount
of maybe storing ip addresses, (though
a malicious user could spoof these).
regards
Ajay
From: Janusz Dziadon [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Subject: Re: Login Security
Date: Tue, 16 Dec 2003 23:43:41 +0100
1
url-pattern/submit.do/url-pattern
/web-resource-collection
auth-constraint
role-nameadmin/role-name
/auth-constraint
/security-constraint
The container (Tomcat 4.1.24) is configured to ask credentials by means
of a FORM login, i.e.:
login-config
auth-methodFORM/auth-method
realm-nameprivate
Howdy All,
I am writing a custom login application.
Our organization has several web applications (Struts of course!)
one of which is a shopping cart.
The current login application adds two cookies to the users browser -
one that stores a number representing a price index and the other an id
on ) the existence of a
username/password then yes tie the PriceIndex into the Login
If the Price Index is not dependent on username/password then the PriceIndex
information cookies et al) should exist indepedently..
~my 2 cents~
-Martin
- Original Message -
From: Jonathan Hawkins [EMAIL PROTECTED
it was neccesary to be logged in to have permissions
to enter the requested action.
If the user was not logged in and that was a requirement for the action I
did send the user through a login page and back to the same requested
action. This meant that the parameters where send again
the programId parameter should be saved, then a login
should be done - displaying a login page where the
user enters username and password and upon login
the user is redirected to the track list page.
I can manage the redirection ofcorse, but I do not know
how to store and restore the request data
That one is pretty simple:
- Use a GET request so the programId is part of the URL.
- Store the whole URL, including the query string.
- Redirect back to the URL (including query string) after the login.
The more difficult case is POSTed parameters that don't show up on the query
string. All
I have several Struts apps with a form-based single signon using a JNDIRealm
with md5 passwords in openldap. I'm looking to pass username/password used
in Java login to other apps like horde, dotproject, among others for user
convenience. Sync of user account info between db stores used by other
PROTECTED]
Sent: Tuesday, October 07, 2003 7:26 AM
To: Struts Users Mailing List
Subject: RE: Container-Managed Authentication login-config in web.xml
vs . Specifying Paths in the struts-config.xml
But, I do not want to use BASIC authentication. I
have many different roles and hundreds of people
, October 06, 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: Container-Managed Authentication
login-config in web.xml vs.
Specifying Paths in the struts-config.xml
I use the Tomcat. I configured the Tomcat JDBCRealm
so that I can use programmic security testing, such
as
isUserInRole(), in my program
security testing programmically, such
as isUserInRole(), in my program.
If I use form based authentication, I insert the
login-config and its sub-elements in my web.xml file
(see below). As we know, the form-login-page and
form-error-page are required.
My question is that the container-managed
Don't put anything in struts-config, in web.xml, put:
login-config
auth-methodFORM/auth-method
form-login-config
form-login-page/login.jsp/form-login-page
form-error-page/login.jsp?error=true/form-error-page
/form-login-config
/login-config
Logical paths work fine for me in web.xml (using tomcat 4.1.x):
login-config
auth-methodFORM/auth-method
form-login-config
form-login-page
/do/login/edit
/form-login-page
form-error-page
/do/login/fail
/form-error-page
/form
Thanks a lot, Andrew. I got the idea.
--- Andrew Shirk [EMAIL PROTECTED] wrote:
Logical paths work fine for me in web.xml (using
tomcat 4.1.x):
login-config
auth-methodFORM/auth-method
form-login-config
form-login-page
/do/login/edit
/form
I use the Tomcat. I configured the Tomcat JDBCRealm
so that I can use programmic security testing, such as
isUserInRole(), in my program.
Because Tomcat JDBCRealm is form based, I inserted the
login-config and its sub-elements in my web.xml file
(see below). As we know, the form-login-page
4:45 PM
To: [EMAIL PROTECTED]
Subject: Container-Managed Authentication login-config in web.xml vs.
Specifying Paths in the struts-config.xml
I use the Tomcat. I configured the Tomcat JDBCRealm
so that I can use programmic security testing, such as
isUserInRole(), in my program.
Because Tomcat
Hi Caroline,
if I remember correctly, it is not possible to use Action servlet
mappings for the login and error pages in tomcat.
I do know for sure that it is recommended practice to keep those pages
seperate programmatically and to view them as part of the container
rather than part of your
app that might help you out:
http://raibledesigns.com/wiki/Wiki.jsp?page=SecurityExample
HTH,
Matt
-Original Message-
From: Caroline Jen [mailto:[EMAIL PROTECTED]
Sent: Monday, October 06, 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: Container-Managed Authentication
login
, there is no need for
struts to do anything. Struts only ever receives authenticated requests
since tomcat sorts that out before letting any through.
Adam
On 09/22/2003 05:49 AM Keith Pemberton wrote:
I'm having a bit of trouble trying to login to a Database Realm that I
have setup with JBoss. What I
http://www.theserverside.com/resources/article.jsp?l=JAAS
-Original Message-
From: Keith Pemberton [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 21, 2003 11:50 PM
To: [EMAIL PROTECTED]
Subject: JAAS Login using LoginAction...
I'm having a bit of trouble trying to login
I don't think that the things in this article work. For one thing, they
are using an auth.conf file and now everything for login module
configuration is stored in the login-config.xml file. Anyway, tried the
ideas from this website using JBoss 3.2.1 and Struts 1.1?
Keith
On Mon, 2003-09-22
Anyway, tried the
ideas from this website using JBoss 3.2.1 and Struts 1.1?
There's nothing specific to Struts you need concern yourself with.
The only thing that's struts related is how you get your login
information. I've used one of 2 methods:
1. Used a login.jsp, with username
I'm having a bit of trouble trying to login to a Database Realm that I
have setup with JBoss. What I would like to do is to be able to login
to the JAAS SecurityManager using a LoginAction. How is the best way to
go about this. I have tried just doing it by calling the LoginContext
login method
obvious solution has not been addressed:
What are the side-effects of directly pointing the error and login pages
directly to a struts action (in the example below /login.do) , rather than
to an HTML or JSP file? For example:
login-config
auth-methodFORM/auth-method
form-login-config
isn't it should be better to put his verification at actions? maybe a
common super action could validade it, but I think that the jsp should
be the last place to put it. Ideally, the jsp's are not even exposed to
clients, making the access the view only through actions.
David Thielen wrote:
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 4:16 PM
To: Struts-Users
Subject: login test in a jsp page - any suggestions
Hi;
I want to put a test in every jsp page to see if the user is logged in. And
if not, to forward them
I used login as a simple example. But I have another case that is not as
simple.
I have a 5 page check-out procedure. I want to set it up so that each page
will forward to the previous page if the previous page's input fields have
not been filled out yet. So each page has to do a different check
I would do this using Servlet Filters.
Thanks
-- pady
[EMAIL PROTECTED]
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 11:03 PM
To: Struts Users Mailing List
Subject: Re: login test in a jsp page - any suggestions
How can I set
on your
forms.
-Richard
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 8:03 PM
To: Struts Users Mailing List
Subject: Re: login test in a jsp page - any suggestions
How can I set things up so people can't get to a jsp page? I can set
Subject: Re: login test in a jsp page - any suggestions
isn't it should be better to put his verification at actions? maybe a
common super action could validade it, but I think that the jsp should
be the last place to put it. Ideally, the jsp's are not even exposed to
clients, making the access
:
1. session variable on user login, check the variable on each action
2. filter authentication
3. security contraints = container authentication (?)
4. using a tag in each jsp for the validation
Are there any other methods?
As for what method should one use I think depends on many factors like
To: Struts Users Mailing List
Subject: User authentication methods (or ways to login a user)
Hi,
I'm new to Struts and to getr used to it I developped an
application which has to log in a user by checking records
in a database. After reading more posts about user
Hi;
I want to put a test in every jsp page to see if the user is logged in. And if not, to
forward them to login.jsp. Is there any way to do this other than putting java code in
my jsp? I'm hoping there is some struts system like html:check app=MyAction/.
(Yes, I can have everything be an
Why not use a servlet filter ?
Thanks
-- pady
[EMAIL PROTECTED]
-Original Message-
From: David Thielen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 4:16 PM
To: Struts-Users
Subject: login test in a jsp page - any suggestions
Hi;
I want to put a test in every jsp page
:[EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 9:55 AM
To: Struts Users Mailing List
Subject: Re: login request + ActionServlet RequestProcessor Action
Hmm
Strugling a bit with this one now.?? I have extended requestProcessor and
tried to perform a requestDispatch and responseRedirect
this as
a controller for a module as well. If you want a user to have multiple
levels, switch a simple int to a map, bit-mask, or other design of your
choosing.
3. All login-required actions now have a scope set to
'scope=level,loginActionPath' where level is a number such as 1, and the
loginActionPath
information available in
the struts-config.xml (or module) file(s).
Regards,
David
-Original Message-
From: Jung, Eric (Contractor) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:54 PM
To: Struts Users Mailing List
Subject: RE: login request
David,
If you implement
method, etc.
Regards,
David
---Original Message---
From: Andy Richards [EMAIL PROTECTED]
Sent: 08/20/03 09:46 AM
To: [EMAIL PROTECTED]
Subject: login request
Hi, i have created a form and a action which checks to see if a user
exists
in
my database and if so a value object
Hi
After deciding which approach to take and reading a few of my struts books
about the controller object ; ) I am now confused as which is the most
appropriate class to extend to perform my login functionality. David suggests
extending the base action class, however i have read
AuthenticationAction which handles all my user login stuff.
I can't extend from 2 classes, right? I then went on to research the
RequestProcessor. I used tiles of Struts 1.1 in my project so what I did
was I ported the AuthenticationAction code to say
AuthenticationRequestProcessor and it extends
handles all my user login stuff.
I can't extend from 2 classes, right? I then went on to research the
RequestProcessor. I used tiles of Struts 1.1 in my project so what I did
was I ported the AuthenticationAction code to say
AuthenticationRequestProcessor and it extends TilesRequestProcessor
-
|From: Andy Richards [mailto:[EMAIL PROTECTED]
|Sent: Thursday, August 21, 2003 2:19 PM
|To: Struts Users Mailing List
|Subject: Re: login request + ActionServlet RequestProcessor Action
|
|
|Hi
|
|After deciding which approach to take and reading a few of my struts books
|about the controller
of weeks back, I ran into a
problem where one of my Actions needs to extend a class to inherit some
functionality, but I was stucked because I need to extend my
AuthenticationAction which handles all my user login stuff.
I can't extend from 2 classes, right? I then went on to research
with global
exceptions in the stuts config to redirect the user to my login page (but no
joy!). Anyone have any ideas? Also what method should i override in the
RequestProcessor when handling my login?
many thanks
Andy
On Thursday 21 Aug 2003 11:40 am, Kok Wei, Koh wrote:
Yeah you should only need
Hello,
I used Struts to develop a web app which has a login form to permit access
to different functionnalities via a menu page. I use a session var I set at
login to check if the user has not logged out.
The problem that I have is, once I do the logoff, if I use the Back button
of the browser
if this
session object exists, and if not redirect the user to the login page?
many thanks
Andy
--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
to a action called everytime a request is made? Can i
configure struts-config.xml to send all requests via an action to see if this
session object exists, and if not redirect the user to the login page?
many thanks
Andy
,
David
---Original Message---
From: Andy Richards [EMAIL PROTECTED]
Sent: 08/20/03 09:46 AM
To: [EMAIL PROTECTED]
Subject: login request
Hi, i have created a form and a action which checks to see if a user
exists
in
my database and if so a value object is placed into the session. What i
in your
application?
-eric
-Original Message-
From: David G. Friedman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 9:42 AM
To: Struts Users Mailing List; [EMAIL PROTECTED]
Subject: Re: login request
Dear Andy,
I'm doing the same thing you suggest. My approach
Hi,
This is my first Struts app, I have a login.jsp in which I have declared a
form tag with action as login.do and I have two buttons(a login button and a
browse button) on the page.
I have written a form bean and an action class also. While trying to access
login.jsp I get an Internal Server
probably because the error message says login
whilst your config says /Login
your config should say action path=/login
From: Seshadhri Srinivasan [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
CC: Balabaskaran
In some of my action mappings I am providing XML output for anybody and
it shouldn't be protected by any web.xml security-constraint, but for
the rest, I need login security which I already have set up.
What I have come up with after a slight false start is a plan to have
all my secured
it can't see the login and error pages
under WEB-INF.
The only options I think I have is (a) use html files not under WEB-INF
or (b) set up an action forward mapping to inside WEB-INF
I want to use JSPs and not just html files because I want to localise
them for language etc.
But I am not sure
On Thu, 17 Jul 2003, Adam Hardy wrote:
Date: Thu, 17 Jul 2003 11:34:49 +0200
From: Adam Hardy [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Subject: login for half my action mappings, leaving other half unsecured
Hi,
I have a following requirement,
there are 2 links on a webpage, when the user clicks
on 1st link show the user login screen if he is not
logged in( ihave login info in session), if the login
is valid forward the request to 1st html page,
if the user clicks on 2nd link, again show the login
: Tuesday, July 15, 2003 2:42 PM
To: [EMAIL PROTECTED]
Subject: login framework
Hi,
I have a following requirement,
there are 2 links on a webpage, when the user clicks
on 1st link show the user login screen if he is not
logged in( ihave login info in session), if the login
is valid forward
]
Sent: Wednesday, July 09, 2003 11:19 AM
To: Struts Users Mailing List
Subject: RE: Login Form
On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
Thanks Sean,
I looked at it and it does avoid the BIG limitation posed by the
standard spec in fact. Still I cannot use it since it disables
?
Thanks,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:26 AM
To: Struts Users Mailing List
Subject: RE: Login Form
All,
Please find attached my securityfilter realm adaptor. The other code I
was waiting for hasn't materialised, so I
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 11:26 AM
To: Struts Users Mailing List
Subject: RE: Login Form
All,
Please find attached my securityfilter realm adaptor. The other code I
was waiting for hasn't materialised, so I couldn't do any comparison -
but it seems to work
Thanks a lot Sean, I will try it and let you know how it works.
Thanks for your great help,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:28 PM
To: Struts Users Mailing List
Subject: RE: Login Form
Erez,
Things you need to do
To: 'Struts Users Mailing List'
Subject: RE: Login Form
Thanks a lot Sean, I will try it and let you know how it works.
Thanks for your great help,
Erez
-Original Message-
From: Sean Radford [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 12:28 PM
To: Struts Users Mailing List
Subject: RE: Login Form
Just need to include the relevant JBoss jar(s) on your classpath in
JBuilder... For JBoss 4 it is simply jboss.jar (found in
JBOSS_HOME/server/CONFIG/lib)
:-)
Sean
--
Dr. Sean Radford, MBBS, MSc
[EMAIL PROTECTED]
http://bladesys.demon.co.uk/
Blade Systems
On Thu, 2003-07
On Thu, 10 Jul 2003, Erez Efrati wrote:
Date: Thu, 10 Jul 2003 20:29:11 +0200
From: Erez Efrati [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: 'Struts Users Mailing List' [EMAIL PROTECTED]
Subject: RE: Login Form
Yep, I've done that and it's compiling
from the Servlet spec and is not addressed. Why is it
that way? Is it so unusual to want to have the login fields on the start
page??
Not unusual at all... And many Java sites have it that way, but they
don't necessarily use container authentication and they probably don't
use EJB's (many people
Radford [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 11:19 AM
To: Struts Users Mailing List
Subject: RE: Login Form
On Tue, 2003-07-08 at 20:34, Erez Efrati wrote:
Thanks Sean,
I looked at it and it does avoid the BIG limitation posed by the
standard spec in fact. Still I cannot use
-methodFORM/auth-method clauses inside the Web.xml file.
In my web site I want to have the site home page to have also a small
login form where the user could enter username and password and login to
the site. The home page, contains other links as well, which lead to
other parts of the site or even
Not sure if I understand it entirely. But you can use an iframe for the login
form(protected page) on the site home page. Something like:
iframe name='logon_frame' id='logon_frame' style='width:100%; height:120;'
SCROLLING='no' src='https://localhost:8443/logon_iframe.jsp'/iframe
Hope
Yansheng Lin, I didn't understand, sorry.
All I want to do is enable the users to login into my site from the
starting page of the web site.
Is it possible to post the a form action='j_security_check'? I mean
before accessing a protected page which the Tomcat protects and sends me
the my login
Oh I thought you had trouble accessing a protected login page from a non-secure
page.
Is this what you want to do in your main page?
FORM method=post action='my_security_check'
User ID: INPUT name='j_username' type='text' size='20' /BR/
Password: INPUT name='j_password' type='password' size
Here is the link:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg14215.html
-
Oh I thought you had trouble accessing a protected login page from a non-secure
page.
Is this what you want to do in your main page?
FORM method=post action='my_security_check'
User ID
1 - 100 of 298 matches
Mail list logo