Oops, this isn't entirely true: "There is no way to call an Action during the authentication process."
You can have your login page be an action (/login.do) -- I just meant that you can't execute an action when that page is submitted. In other words, you can't process the login request with an Action, or have an Action do additional authentication-time processing when the login page is submitted. -Max ----- Original Message ----- From: "Max Cooper" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Friday, January 30, 2004 1:19 PM Subject: Re: SecurityFilter with Struts > Use a regular form tag for the login page. The form will not be submitted to > a Struts action but rather it will be processed by the filter. There is no > way to call an Action during the authentication process. This is very > similar to how container-managed security works. > > One difference between container security and SecurityFilter is that you can > specify a "default" page to send the user to after they login, if they > arrive at the login page on their own. Normally, users are automatically > sent to the login page by the filter (just like container security) when > they try to access a page they need to be authenticated for. If that is the > case, SecurityFilter will redirect them to the page they were going to after > they are authenticated: > > SCENARIO 1: User goes directly to login page: > > GET /login.jsp > POST /j_security_check > (server redirects user to the configured "default" page -- /defaultPage.do > in this example) > GET /defaultPage.do > > SCENARIO 2: Filter sends user to login page > > GET /mustBeLoggedInToSeeThisPage.do > (server redirects to /login.jsp) > GET /login.jsp > POST /j_security_check > (server redirects to /mustBeLoggedInToSeeThisPage.do) > GET /mustBeLoggedInToSeeThisPage.do > > -Max > > ----- Original Message ----- > From: "Dirk Manske (Service Respond)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, January 30, 2004 6:00 AM > Subject: SecurityFilter with Struts > > > > Hi, > > > > I try to integrate SecurityFilter 1.1 in my struts app. I understand that > I > > have to use "j_security_check" in my form action to setup SecurityFilter. > > But how does it work within a <html:form>? Because "j_security_check" > always > > gets populated to "j_security_check.do" the SecurityFilter will never be > > called!? So how should my login.jsp be designed to pass "j_security_check" > > and after this forward to an struts action class? > > > > any idea? > > > > thanks, > > > > Dirk > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
