Ok then I think the problem is not understood ;)
My form authentication does work. In fact I scabbed the whole security sample :P
Like I noted... When I type the protected resources URL in the browser address bar. Tomcats authentication kicks in and redirects me to the login page I specified in my web.xml I type the username and password that is stored in mysql and I login. This works fine.
What I want to do is access the protected resource from an unprotected resource. For intsance on the welcome page of my web app which everyone can see. I want to add a login form which will login the user and give him access to the protect resource.
One solution is to just put a "Sign-In" link which will in turn try to access the protected resource, but since the visitor is not logged in, he will be redirected to the login page.
The other solution which I want is to offer a login page directly on the welcome page. Of course I canot just put a form on the welcome page with action="<%=request.encodeURL("j_security_check")%>" The browser wouldn't know where to post to.
Yiannis Mavroukakis wrote:
<english> Anastasie I think what Robert means is you should "steal" some code from the existing examples in Tomcat. </english>
<greek> Yparxoune epishs kai alloi tropoi pou boreis na to kaneis ayto..boreis kalista na exeis authentication mesw tou Apache kai enos module pou koitaei gia valid accounts sthn mySQL sou. </greek>
Happy coding,
Yiannis
-----Original Message----- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: 26 July 2004 14:13 To: Tomcat Users List Subject: Re: Beyond bassic form authentication?
Does any one have any ideas on this? What is code scabbing?
Thanks
Robert Harper wrote:
Did you try scabbing code from the login.jsp? You may want to use that and the user will gain access to the areas allowed with their group or role.
Robert S. Harper 801.265.8800 ex. 255
-----Original Message----- From: Anastasios Angelidis [mailto:[EMAIL PROTECTED] Sent: Friday, July 23, 2004 7:37 AM To: [EMAIL PROTECTED] Subject: Beyond bassic form authentication?
So I setup my web app to use Form Authentication with a User Realm in my MySQL DB. It all works fine. I type the protected resources URL into the browser, I get redirected to the login page, I login and behold it works! ;)
Now how would I give access to a secure resource from an unsecure resource. For instance...
My webapp has a front page with recent news, welcome message etc... Standard home page stuff... Obviously I can put a sign-in link that will try to access the protected resource, which will then redirect to the login page... But is there a way to put a login form on the home page directly and post that form for authentication and from there give access to the protected resource?
Thanks
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.
Note:__________________________________________________________________ This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
