Here is what I'm thinking: I'm going in configure a realm that uses a db to store the user information (I'll prob. end up posting questions about that one :) ).
I'll use the taglib-request tags to provide security down to the 'within html' level. That along with the <logic-present> tags and tiles should get me where I need to go correct? I'll use the web.xml configuration to handle all the rest of the security. Thanks for all the help on that one. Here is another question for you: I have a servlet that I preload that loads all of my configuration info for my app. I want it to use the common-logging api to do the logging and actually use log4j. The issue I am having is that even though my log4j-conf.xml gets read in all my logging output goes to tomcat's logs and not the one's I have specified. So, two questions: Should I be preloading the servlet that way or is there someway in struts to do it? How do I get my code to use it's own log4j configuration? Again, thanks for all the help so far..... ----- Original Message ----- From: "Barney Hamish" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Thursday, February 13, 2003 10:54 AM Subject: RE: Form based security > No struts doesn't have a security model of its own but it does make it > considerably easier to build your own if that's the path you want to go down > > > -----Original Message----- > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 4:52 PM > > To: Tomcat Users List > > Subject: Re: Form based security > > > > > > Ok, I've got it now... > > > > Thanks for the information. > > > > Now my manager is saying he wasnted it all done in Struts and > > that Struts > > has a security model that I should be using. Is he wrong? I > > though struts > > was just tag libs and an MVC for hitting business logic. > > > > Time for me to learn struts now I guess... > > > > -- > > Sloan > > > > ----- Original Message ----- > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > Sent: Thursday, February 13, 2003 10:33 AM > > Subject: RE: Form based security > > > > > > > I think you've got the wrong idea about how the form-based > > security works. > > > It is counter-intuitive I agree but anyway... > > > > > > Firstly the login form should not be in the secure area. > > > Define as the default page something in the secure area. > > > When the user tries to go to this default page tomcat will > > redirect them > > to > > > the login page. > > > After they've logged in successfully Tomcat wil redirect > > them to the page > > > they originally asked for (i.e. the default page). > > > > > > You don't need a filter to do this. Tomcat does it > > automatically for you. > > > > > > Hamish > > > > > > > -----Original Message----- > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, February 13, 2003 4:32 PM > > > > To: Tomcat Users List > > > > Subject: Re: Form based security > > > > > > > > > > > > Ok, I figured most of the things out. > > > > > > > > My next question (along the same lines) is this: > > > > > > > > I have a link to the login.jsp which is now in a > > > > security-constraint area. > > > > When they use the login.jsp successfully it complains about: > > > > Invalid direct reference to form login page > > > > > > > > How do I use the login page and define a page for a > > successful login? > > > > > > > > Thanks! > > > > > > > > -- > > > > Sloan > > > > > > > > ----- Original Message ----- > > > > From: "Sloan Seaman" <[EMAIL PROTECTED]> > > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > > > Sent: Thursday, February 13, 2003 10:01 AM > > > > Subject: Re: Form based security > > > > > > > > > > > > > I have a filter set up so that if they don't go to the > > index.jsp or > > > > > login.jsp it will redirect them to the login.jsp. > > > > > (is that the best way?) > > > > > > > > > > So basically they either go to the index.jsp or login.jsp > > > > page. How do I > > > > > list a page as secure? > > > > > > > > > > Do I have to wirte code for the j_security_check or is this > > > > something > > > > within > > > > > tomcat? > > > > > > > > > > ----- Original Message ----- > > > > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > > > Sent: Thursday, February 13, 2003 9:50 AM > > > > > Subject: RE: Form based security > > > > > > > > > > > > > > > > Are you going directly to the login page? If so then you > > > > need to go to a > > > > > > page in that's listed as being secure. You will then be > > > > forwarded to the > > > > > > login page. When you've logged in successfully then > > you will be > > > > forwarded > > > > > to > > > > > > the page you originally requested. > > > > > > Hamish > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > > > > Sent: Thursday, February 13, 2003 3:48 PM > > > > > > > To: [EMAIL PROTECTED] > > > > > > > Subject: Form based security > > > > > > > > > > > > > > > > > > > > > I'm attempting to do form based security and I keep > > getting a > > > > > > > 404 error when > > > > > > > I click the submit button. > > > > > > > > > > > > > > I'm guessing I'm missing some type of configuration in the > > > > > > > server.xml..... > > > > > > > > > > > > > > The form I am using is: > > > > > > > <form method="POST" action="j_security_check"> > > > > > > > <input type="text" name="j_username"/> > > > > > > > <input type="password" name="j_password"/> > > > > > > > <input type="submit" value="Submit"> > > > > > > > </form> > > > > > > > > > > > > > > > > > > > > > And I have the following in my web.xml > > > > > > > <login-config> > > > > > > > <auth-method>FORM</auth-method> > > > > > > > <form-login-config> > > > > > > > <form-login-page>/login.jsp</form-login-page> > > > > > > > <form-error-page>/login-error.jsp</form-error-page> > > > > > > > </form-login-config> > > > > > > > </login-config> > > > > > > > > > > > > > > Can anyone help me out here? > > > > > > > > > > > > > > -- > > > > > > > Sloan > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
