I understand your approach of setting session variables, but what I am
trying to get around is having each successive page check the value of those
variables. The reason is some of the pages are just static HTML pages, some
are jsp's, some are shtml's, in addition with directly entered URL's to a
resource file i.e.(http://intranet/marketing/resources/marketing.exe) how do
you check the session variables in those instances?
I don't want to convert all of the static html pages in to JSP's just to
check the value of the variables. Also we are running under NT and with our
site directory structure reaching 6 directory levels deep we run into
Tomcat's documented problem on NT ("Can't Write" error), when it tries to
create an associated java source and class file in the work directory the
file name is over 255 characters thus will not allow it to be creted.
Any other ideas?
Thanks
Bob
-----Original Message-----
From: Craig [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 10:22 AM
To: [EMAIL PROTECTED]
Subject: RE: configuring 1 webapp with multiple form logon pages
I have designed several multi-level administrative and user apps and find
that the use of session cookies or session variables make this simple. A
user logs into one section and receives the session variable or cookie which
allows access to only that section. Every consecutive page checks for that
variable. If it is not found the visitor is redirected. If it is they
continue on their way.
A user who can log in to several sections will eventually get all of the
variables set and can freely enter any section of the site that they want.
If you don't want this adjust your variables. Remember that you can delete
(clear) previously set variables which also is useful if someone attempts to
misbehave.
Integrate this with a database and only your imagination is the limit.
The key is that every page checks for necessary pass key first. For
security, maintain data in a call after the authentication process so that
no data is avaliable without authentication. Taglibs will do well here,
buffering your information from the path. If security is important, make
sure to adjust your timeouts appropriately. If this in not done some one
other then the original visitor could concievebly use the same computer, if
the browser is left open, and use the pre-established cookie to re-enter.
Good luck,
Craig
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 7:49 AM
To: [EMAIL PROTECTED]
Subject: RE: configuring 1 webapp with multiple form logon pages
The logon page is determined by which section of the site the users are
trying to access. For example if the user is trying to get to the Marketing
section they will be prompted with the Marketing logon page, that represents
the Marketing's UI look/feel. However, if the user wanted to go to the Sales
section they would be prompted with the Sales logon page that is consistent
with the Sales Look/Feel.
Is this more clear?
Thanks
Bob
-----Original Message-----
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 9:12 AM
To: [EMAIL PROTECTED]
Subject: RE: configuring 1 webapp with multiple form logon pages
My question is, how do you know which logon page to use? Is there
something special about the machine they are requesting from? Do they try
and go to a special (corporate unit specific) URL? Or is it supposed to
guess somehow?
One thing to remember is that the form-based logins are jsp pages.
You can look at the HTTP request headers or whatever you want to make the
decision about which login page to show, but in my experience this is
usually very difficult to do - everyone wants to go the same URL and us any
computer, but recieve their customized login page.
Randy
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 25, 2001 10:29 AM
To: [EMAIL PROTECTED]
Subject: configuring 1 webapp with multiple form logon pages
Using 3.2.1 has anyone configured a webapp that has multiple form-based
logon pages. Basically I need a different logon page for each corporate
unit? It appears to me that that by default, tomcat allows only 1 login page
per webapp.
Any Ideas?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
