> I have had quite a few problems relating to this kind of thing - if you
> setup your login page as the "welcome" page, or indeed if the user
> accesses the login page directly, the container has no way of knowing
> where to go next after submitting the name and password to the
> j_security_check. We've been finding that JRun just hangs in this case.
> I reckon it would be preferable if the default was to go *to* the
> welcome page after a login with no previous cached request.
>
> Any ideas on ways of circumventing this type of problem? I was
> previously submitting the logon information to an Action class and
> either overwriting or inserting the "requested page" information which
> was stored in the session, and then forwarding to j_security_check. But
> this is a bit flaky and not very portable.
>
> cheers,
>
> Luke.
>
I've made something like this (in tomcat 3):
-- at the start of the login page:
<%
if( request.getRemoteUser( ) != null || session.isNew( ) ) {
response.sendRedirect( "/app/actions/main.do" );
return;
}
%>
--
It had many workaroungs ( e.g. getPrincipal was buggy, the main page
could not be placed in the guarded zone, that's why the actions
directory) and worked hazardously, but don't know why.
It redirects the request to the guarded main action
if this is a fresh session or the user was already in. After the
redirect the container traps the request again but has an address
to forward to after authentication. Anyway, the welcome page method
Craig mentioned I think supposes you were using your own
authentication, not container managed. incze
