I'd recommend putting it to the Tomcat guys, but I'm just about positive you'd have to use j_security_check (ie FORM-based authentication).
Mete Kural wrote: >Hi, > >My Struts-based webapp has two sub-apps. > >In the first sub-app, anybody can surf through without >having to be logged in, but if you are logged in, some >special features are enabled (ex: "Hello Mr. .."). > >In the second sub-app, you have to be logged in to >access the pages therein. > >For the entirety of the second sub-app, obviously a >security-constraint should be declared in web.xml. But >the first sub-app is open to anybody, although login >is encouraged (i.e. not required). For that reason, I >can't put a security-constraint for the first sub-app >in web.xml, but how am I going to authorize users who >want to log in while they're in the first sub-app in a >container-managed manner?? > >Basically what I want to do is to log a user in with >the container from a LoginAction class, rather than >the good-old "j_security" way. Maybe this one should >be asked to the Tomcat group, but in case some of you >may know, Is there a way to log a user in with the >container through a method interface inside an Action >class instead of dispatching the request to >j_security_constraint? I couldn't find such a method >interface in the Servlet 2.3 specs. > >I'll appreciate any insight on this. > >Thanks, >Mete Kural > > > >__________________________________________________ >Do You Yahoo!? >Yahoo! Autos - Get free new car price quotes >http://autos.yahoo.com > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
