Use a regular form tag for the login page. The form will not be submitted to a Struts action but rather it will be processed by the filter. There is no way to call an Action during the authentication process. This is very similar to how container-managed security works.
One difference between container security and SecurityFilter is that you can specify a "default" page to send the user to after they login, if they arrive at the login page on their own. Normally, users are automatically sent to the login page by the filter (just like container security) when they try to access a page they need to be authenticated for. If that is the case, SecurityFilter will redirect them to the page they were going to after they are authenticated: SCENARIO 1: User goes directly to login page: GET /login.jsp POST /j_security_check (server redirects user to the configured "default" page -- /defaultPage.do in this example) GET /defaultPage.do SCENARIO 2: Filter sends user to login page GET /mustBeLoggedInToSeeThisPage.do (server redirects to /login.jsp) GET /login.jsp POST /j_security_check (server redirects to /mustBeLoggedInToSeeThisPage.do) GET /mustBeLoggedInToSeeThisPage.do -Max ----- Original Message ----- From: "Dirk Manske (Service Respond)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 30, 2004 6:00 AM Subject: SecurityFilter with Struts > Hi, > > I try to integrate SecurityFilter 1.1 in my struts app. I understand that I > have to use "j_security_check" in my form action to setup SecurityFilter. > But how does it work within a <html:form>? Because "j_security_check" always > gets populated to "j_security_check.do" the SecurityFilter will never be > called!? So how should my login.jsp be designed to pass "j_security_check" > and after this forward to an struts action class? > > any idea? > > thanks, > > Dirk > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
