If the authentication is realized by the container (the realm), you can't access the request before the authentication takes over. If you really want to do it, don't define the security constraint in your web.xml, and make your own application security mechanism (use filter, and forward or redirect on login page).
-----Message d'origine----- De : Wade Chandler [mailto:[EMAIL PROTECTED] Envoyé : mercredi 11 mai 2005 07:10 À : Tomcat Users List Objet : Re: Form Based Authentication Wade Chandler wrote: > I have form based authentication working. But, I need the login form to > be a little more dynamic. For instance, I want to use different forms > for different areas and not always use the same form. Is this possible? > For instance, under one site I want to limit URLs to different logins. > I realize I should just have a login and have a userid and a password, > but my customer wants to simply have an access code to certain pages or > directories. I would like to use form based authentication then I can > have the userid as a hidden variable, and then have a password entered > by the user, but for some admin screens I need the user to actually > enter the userid and password both.... > > I hope that makes sense. I can't figure out how to setup a security > constraint which can force a particular login form to be used if the > user is not logged in yet. > > Thanks, > > Wade > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Ok, So I think I should be able to do this with a filter, but I need some help. Basically it looks like I should be able to use a filter to some how get the original target before the authentication form is displayed....is this correct? Basically I need to some how know when a particular URL pattern is being displayed or is attempted to be accessed...before the login form is displayed. When it is displayed I'll set an attribute in the request in the filters doFilter method. However, now I need to know how I can access the Request before the authentication mechanism takes over I suppose because from my login form accessing the getPathInfo() method is returning the login form information when I really need to know the actual path the user was attempting to access. So, can I use a filter to do this, and if so how do I make sure my filter is called in time to give me the information I need? Thanks, Wade --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
