Richard Chamberlain wrote: > After I sent my previous message I played around a bit and it became > clear that I was misinterpreting how to use form login. > > I'll explain what I want to do and perhaps somebody would be kind > enough to point me in the right direction. > > I have a page that I only want members to be able to get to, member.jsp > for instance. > > At the moment I've got it set up so attempting to access member.jsp > will redirect you to the index page at which point you can login in and > then be redirected to the member page. All works ok. > > However what I actually want is a form login on each page of the site > and when a user logs in they get redirected to member.jsp. At the > moment that gives me a invalid direct reference to form login page > because tomcat wants me to go to member.jsp first and then be > redirected to a form. > > Do I have to write myself some authentication code in this case? > > This was very easy in resin because you just mapped the > j_security_check servlet and everything worked as I've outlined. >
Do you mean that you actually have the login form embedded in every public page? Doesn't that clutter up your pages unnecessarily? What I do is to have a "Login" button on every public page. The login button sends the user to the "private" home page. Since this is subject to a security restriction, the user is diverted to a login page first. Once logged in, he is automagically redirected to the "private" home page. This works well! HTH, Martin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>