The <form-login-page> tag is used to reference the login page, similar to
the way you have the <form-error-page> tag coded. The <form-login-page>
should look something like <form-login-page>/login.jsp</form-login-page>,
and the login.jsp page would have the post to j_security_check and the
j_username and j_password fields. Not sure what you mean by "...So every
page has a form with a loginname and password field...."; only login.jsp
has the login post and variables, your application content pages do not
have the login parms and require nothing special for this.
Use the <url-pattern> tag in the <security-constraint> to control what
pages within your application require login. If all pages require a login,
it would be something like <url-pattern>/*</url-pattern>.
Understand that you do not link users directly to login.jsp. They should
access the page they want, and tomcat will interrupt the access their first
time, transfer them to the login.jsp, and assuming they login correctly;
tomcat will then allow access to the desired page.
David
Werner van Mook
<[EMAIL PROTECTED] To: Tomcat Users List <[EMAIL
PROTECTED]>
s.com> cc:
Subject: formbased login question
03/04/2004 03:56
AM
Please respond to
"Tomcat Users
List"
Before starting on a quest for more knowledge I thought I ask you all,
I'm building a web app.
A user should be able to login on every page available.
So every page has a form with a loginname and password field.
The form is formatted correctly for form based login.
I'm not using frames!
My web.xml contains :
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/*</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
I'm wondering about the <form-login-page> tag.
How to make it clear to tomcat that every page can be a login page.
I haven't tried it yet but I think my solution (/*) will not work.
The testingserver DB is broken and we are using JDBCRealm.
Who has experience with this and is willing to help me?
I would like to know what to fill in in the <form-login-page> tag or
any other way to solve this.
Kind regards,
Werner van Mook
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
