Laird,
You may be misunderstanding the spec and agreeing to soon here. The spec does not
handle the case
where you want the user to log in from a non protected resource and to allow the user
to log in at any
time.
The spec states how one would force a login page to appear if the user accesses a
protected resource
but does not define a standard way to log the user in.
dan
Laird Nelson wrote:
> Evan Ireland wrote:
> > > Wait, there are specifications somewhere that tell me what to name
> > > fields on a web form such that automatic authentication will occur? How
> > > wonderful. Where are they, and who has implemented them?
> >
> > From the servlet 2.2 spec:
> >
> > "The look and feel of the ?login screen? cannot be controlled with an HTTP
>browser?s built in
> > authentication mechanisms. Therefore this specification defines a form based
>authentication
> > mechanism which allows a Developer to control the look and feel of the login
>screens.
> > The web application deployment descriptor contains entries for a login form and
>error page to be
> > used with this mechanism. The login form must contain fields for the user to
>specify username and
> > password. These fields must be named ?j_username? and ?j_password?, respectively."
>
> Thank you; right under my nose as usual.
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
