Assaf Arkin wrote [somewhat backwards]:
>
> Indeed that is not covered by the specs. I'll see what can be done to
> solve this for Serlvets 2.3.
>
> arkin
>
> dan benanav wrote:
> >
> > No that is not the point. I know that you can enforce login to all resources
> > but what if you want the following to happen -
> >
> > A user enters a URL and goes to a home page which has an optional login
> > form. If you type in your username and password you will be logged in.
> > Otherwise you can just go to other pages. How would you write a servlet to
> > access the authentication services of the servlet container in a standard
> > way?
Incidentally, that's one of the major things I've been trying (quite
inarticulately) to ask for a while. I'm kind of glad to hear it isn't
in the specification, because I thought I was going mad. :-)
(Now having said that, *doesn't* the 2.2 spec handle that?
I.e., your home page would have a form in it with the magic tokens like
this:
<form name=loginform method=post action="j_security_check">
<input type=text name=j_username>
<input type=text name=j_password>
</form>
...and then (perhaps THIS isn't what's covered) the "j_security_check"
action would...would...magically...um....
Well, somewhere after you submit this form, you should be able to ask
the container for the principal, right? And that would let you know
whether the user had logged in.)
Cheers,
Laird
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
