David, Thanks for the suggestion. I do have a login form on each page (that is until the user logs in :-) ). I did think of something like you're describing, but I just figured there had to be a better way.
I found some more information on that AuthenticationInterceptor, but as far I can figure, you can't tell JBoss/Jetty to use a different interceptor for this. Besides, it seems kind of overkill to write a custom class just to allow direct requests to a login page.... Any other thoughts ? Silvester <citaat van="David Ward"> > Silvester, > > I'll share what I do. I have a single servlet that is a central > controller that delegates processing and dispatches requests to jp's > (based on pathInfo). However, *I have 2 servlet mappings to it*. > > /myapp/web/pathInfo - myapp is the context, web is the servlet, pathInfo > (and request params) tell me how to process and where to request > dispatch to. > > /myapp/sweb/pathInfo - same as above except sweb (notice the "s") is a > different mapping *to the same servlet*, except it also is a web > protected resource. > > I have a dynamic login/logout link on each page (based on principal in > request), which simply links back to itself except replacing "web" with > "sweb". After the user logs in, he/she ends up visually back to where > he/she started, though the path in the url is a bit different. > > Now, it sounds like you have an actual login form on each of your pages. > I've not done that, but I'm guessing you could do the same thing as me, > except just pass along the username and password to a dummy login with > no display that onLoad (JavaScript) simply submits for you. But 1) that > seems hokey, and 2) you would want to make sure you're using SSL > otherwise your username and password are plain-text'ing over the net. > What do other people do in this circumstance? > > David > > -- > > Mensaje citado por Silvester van der Bijl <[EMAIL PROTECTED]>: > >> Hi there, >> >> We've got a web application which on each page displays a login box if >> the user isn't authenticated, or otherwise his personal menu, etc... >> >> The problem is, that after succesfully authenticating a user >> (j_security_check target), jetty doesn't know where to redirect the >> user to since I made a direct request to the login page (sort of). >> >> Shouldn't there be an additional property for j_security_check, like >> j_onsuccess_redirect_to ? >> >> Does anyone know of a workaround for this problem ? I've read about >> using a custom AuthenticationInterceptor, only I can't find where this >> interceptor is configured ? >> >> Please help. >> Silvester > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
