Re: Reusing form configured in form based authentication

2009-01-15 Thread Christopher Schultz

Charl,

Charl Gerber wrote:
> I have an application using form based authentication. Is it possible
> to use the same form as a stand-alone login screen?

Tomcat does not allow this use case because it is not covered by the
servlet specification. According to the spec, the only supported use
case is to have the remote user request a protected page, then challenge
them for credentials, etc.

If you want to allow drive-by logins, one option is to use
securityfilter (http://securityfilter.sourceforge.net/) which is a
(relatively) drop-in replacement for container-managed authentication
and authorization.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Reusing form configured in form based authentication

2009-01-12 Thread Charl Gerber
Hi,

I have an application using form based authentication. Is it possible to use
the same form as a stand-alone login screen? By default, if you enter the URL of
the form manually (or get it from your browser's history) and you submit it,
you get an error message. You always have a smart-ass who will do this, so I
want to have my application properly handle it and never want an error screen to
show.

I would venture a guess that you just have to configure a proper servlet 
mapping for the j_security_check action to enable you to use the form directly 
also, but would that then cause problems for the server authentication? Or 
would Tomcat be able to handle this?

And the j_security_check action would then probably have to be configured so 
that no authentication is needed for it to execute, right? Otherwise I'll land 
in a loop.

Thanks!

Charl

