Re: Form Based Authentication - Registration
On 02/14/2004 10:31 AM Alexander F. Hartner wrote: No we want to add registration and have the following happen 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer doesn't have an account yet and accesses registration page 4.) Customer registers 5.) On successful registration the customer is redirected to the original request Now to get this working we need the following, both of which we are not sure are currently provided by the authentication framework. -Ability to access the original (SavedRequest) from a JSP / Servlet -Ability to "auto/fake" login from within the webapplication You cannot access the original request if the url is protected by a security-constraint and the user has not logged in. Tomcat will always jump in first with the CMS login. To fake it and keep CMS, reduce your real realm to a security constraint on one URL and set up a filter to check for the user's status. If not logged in, saved the parts of the request you need in the session, and redirect the user to the protected page to trigger the container login. Then after the login succeeds and the user gets through to that protected URL, check the session for the info and redirect them to their original destination. You can put a link on the login page to the registration URL - I'm not sure about the redirection logic but it should be possible to redirect them after registration back to the login page to login, and then on to their original destination. HTH Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form Based Authentication - Registration
We have form based authentication working as follows : 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer authenticates 4.) Customer redirected to realm as original request No we want to add registration and have the following happen 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer doesn't have an account yet and accesses registration page 4.) Customer registers 5.) On successful registration the customer is redirected to the original request Now to get this working we need the following, both of which we are not sure are currently provided by the authentication framework. -Ability to access the original (SavedRequest) from a JSP / Servlet -Ability to "auto/fake" login from within the webapplication Is this currently possible ? Thanks Alex Alexander F. Hartner eMail : [EMAIL PROTECTED] Work : +27-11-646-6459 Fax : +27-11-646-5868 The programmers of old were mysterious and profound. We cannot fathom their thoughts, so all we do is describe their appearance. Aware, like a fox crossing the water. Alert, like a general on the battlefield. Kind, like a hostess greeting her guests. Simple, like uncarved blocks of wood. Opaque, like black pools in darkened caves. Who can tell the secrets of their hearts and minds? The answer exists only in the Tao. -- Geoffrey James, "The Tao of Programming" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form Based Authentication - Registration
We have form based authentication working as follows : 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer authenticates 4.) Customer redirected to realm as original request No we want to add registration and have the following happen 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer doesn't have an account yet and accesses registration page 4.) Customer registers 5.) On successful registration the customer is redirected to the original request Now to get this working we need the following, both of which we are not sure are currently provided by the authentication framework. -Ability to access the original (SavedRequest) from a JSP / Servlet -Ability to "auto/fake" login from within the webapplication Is this currently possible ? Thanks Alex Alexander F. Hartner eMail : [EMAIL PROTECTED] Work : +27-11-646-6459 Fax : +27-11-646-5868 The programmers of old were mysterious and profound. We cannot fathom their thoughts, so all we do is describe their appearance. Aware, like a fox crossing the water. Alert, like a general on the battlefield. Kind, like a hostess greeting her guests. Simple, like uncarved blocks of wood. Opaque, like black pools in darkened caves. Who can tell the secrets of their hearts and minds? The answer exists only in the Tao. -- Geoffrey James, "The Tao of Programming"