Back to the validation stuff. Ok, it validates my user based on the user info in tomcat-users.xml but it doesn't seem to be putting them in their roles.
When I use the request taglibs isUserInRole tag to check on things the role is always empty. Am I missing a step or do I manually have to put the use in the role? If so, How? Thanks again! -- Sloan ----- Original Message ----- From: "Barney Hamish" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Thursday, February 13, 2003 10:54 AM Subject: RE: Form based security > No struts doesn't have a security model of its own but it does make it > considerably easier to build your own if that's the path you want to go down > > > -----Original Message----- > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 4:52 PM > > To: Tomcat Users List > > Subject: Re: Form based security > > > > > > Ok, I've got it now... > > > > Thanks for the information. > > > > Now my manager is saying he wasnted it all done in Struts and > > that Struts > > has a security model that I should be using. Is he wrong? I > > though struts > > was just tag libs and an MVC for hitting business logic. > > > > Time for me to learn struts now I guess... > > > > -- > > Sloan > > > > ----- Original Message ----- > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > Sent: Thursday, February 13, 2003 10:33 AM > > Subject: RE: Form based security > > > > > > > I think you've got the wrong idea about how the form-based > > security works. > > > It is counter-intuitive I agree but anyway... > > > > > > Firstly the login form should not be in the secure area. > > > Define as the default page something in the secure area. > > > When the user tries to go to this default page tomcat will > > redirect them > > to > > > the login page. > > > After they've logged in successfully Tomcat wil redirect > > them to the page > > > they originally asked for (i.e. the default page). > > > > > > You don't need a filter to do this. Tomcat does it > > automatically for you. > > > > > > Hamish > > > > > > > -----Original Message----- > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, February 13, 2003 4:32 PM > > > > To: Tomcat Users List > > > > Subject: Re: Form based security > > > > > > > > > > > > Ok, I figured most of the things out. > > > > > > > > My next question (along the same lines) is this: > > > > > > > > I have a link to the login.jsp which is now in a > > > > security-constraint area. > > > > When they use the login.jsp successfully it complains about: > > > > Invalid direct reference to form login page > > > > > > > > How do I use the login page and define a page for a > > successful login? > > > > > > > > Thanks! > > > > > > > > -- > > > > Sloan > > > > > > > > ----- Original Message ----- > > > > From: "Sloan Seaman" <[EMAIL PROTECTED]> > > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > > > Sent: Thursday, February 13, 2003 10:01 AM > > > > Subject: Re: Form based security > > > > > > > > > > > > > I have a filter set up so that if they don't go to the > > index.jsp or > > > > > login.jsp it will redirect them to the login.jsp. > > > > > (is that the best way?) > > > > > > > > > > So basically they either go to the index.jsp or login.jsp > > > > page. How do I > > > > > list a page as secure? > > > > > > > > > > Do I have to wirte code for the j_security_check or is this > > > > something > > > > within > > > > > tomcat? > > > > > > > > > > ----- Original Message ----- > > > > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > > > Sent: Thursday, February 13, 2003 9:50 AM > > > > > Subject: RE: Form based security > > > > > > > > > > > > > > > > Are you going directly to the login page? If so then you > > > > need to go to a > > > > > > page in that's listed as being secure. You will then be > > > > forwarded to the > > > > > > login page. When you've logged in successfully then > > you will be > > > > forwarded > > > > > to > > > > > > the page you originally requested. > > > > > > Hamish > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > > > > Sent: Thursday, February 13, 2003 3:48 PM > > > > > > > To: [EMAIL PROTECTED] > > > > > > > Subject: Form based security > > > > > > > > > > > > > > > > > > > > > I'm attempting to do form based security and I keep > > getting a > > > > > > > 404 error when > > > > > > > I click the submit button. > > > > > > > > > > > > > > I'm guessing I'm missing some type of configuration in the > > > > > > > server.xml..... > > > > > > > > > > > > > > The form I am using is: > > > > > > > <form method="POST" action="j_security_check"> > > > > > > > <input type="text" name="j_username"/> > > > > > > > <input type="password" name="j_password"/> > > > > > > > <input type="submit" value="Submit"> > > > > > > > </form> > > > > > > > > > > > > > > > > > > > > > And I have the following in my web.xml > > > > > > > <login-config> > > > > > > > <auth-method>FORM</auth-method> > > > > > > > <form-login-config> > > > > > > > <form-login-page>/login.jsp</form-login-page> > > > > > > > <form-error-page>/login-error.jsp</form-error-page> > > > > > > > </form-login-config> > > > > > > > </login-config> > > > > > > > > > > > > > > Can anyone help me out here? > > > > > > > > > > > > > > -- > > > > > > > Sloan > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]