Is it possible to specify which form authenticator to use per web app or is
it a one shot deal?

Where does Tomcat decide that j_security_check is FormAuthenticator? Can I
change that?

-----Original Message-----
From: Koes, Derrick [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 31, 2004 9:48 AM
To: 'Tomcat Users List'
Subject: RE: form base auth with custom messages



Ah, I misunderstood the problem.

Your best bet is to write a custom form authentication.  It's more work, but
you'll have access to everything you need because you are in control.


-----Original Message-----
From: Summers, Bert W. [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 31, 2004 11:57 AM
To: Tomcat Users List
Subject: RE: form base auth with custom messages

I would like to, but there are two problems:
1. On the error page I don't know who tried to log in, so I cannot do any
checks with the db.

2. I will have to write a custom Realm to check for my date and not auth the user.

How can you get info from the FormAuthenticator?
It seems to be a sendRedirect so all request parameters are gone.

-----Original Message-----
From: Koes, Derrick [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 31, 2004 8:53 AM
To: 'Tomcat Users List'
Subject: RE: form base auth with custom messages



You should be able to control this from your form-error-page.


-----Original Message-----
From: Summers, Bert W. [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 31, 2004 11:48 AM
To: [EMAIL PROTECTED]
Subject: form base auth with custom messages

I am using form-based authentication with web.xml security constraints.
 
It works fine in that if you enter the correct username and password you get
in.
 
What I want to do is provide feedback to the user for certain conditions,
such as password is expired and they cannot log in or about to expire and
take them to the change password page. The password expire feature is done
by tracking how long it has been since they changed it.
 
Is there an easy way to make some extra checks and then control which page
is shown after authentication or failed authentication?
 
I am starting down the path of rewriting FormAuthenticator.  The problem
with this is that all my web apps must conform to this same approach.
 
Prior to using the web.xml to enforce security my login servlet would make
these checks and then redirect to the correct page.
 
Thanks
This electronic transmission is strictly confidential to Smith & Nephew and
intended solely for the addressee.  It may contain information which is
covered by legal, professional or other privilege.  If you are not the
intended addressee, or someone authorized by the intended addressee to
receive transmissions on behalf of the addressee, you must not retain,
disclose in any form, copy or take any action in reliance on this
transmission.  If you have received this transmission in error, please
notify the sender as soon as possible and destroy this message.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
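
The password-age checks described in the original question, sketched as a per-web-app servlet Filter that runs after container form authentication. This is an added example, not code from the thread or from Tomcat, and it swaps in a Filter for the custom authenticator and Realm the thread discusses. The page paths, the 90/14-day policy, the `PasswordDates` lookup and the `passwordDates` context attribute are all assumptions, and the expired page is assumed to sit outside the security-constraint.

```java
import java.io.IOException;
import java.util.Date;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: runs after container form auth has set the remote user. */
public class PasswordAgeFilter implements Filter {
    // Assumed policy values and page paths (not from the thread).
    static final long MAX_AGE_DAYS = 90, WARN_DAYS = 14;
    static final String CHANGE_PAGE = "/changePassword.jsp";
    static final String EXPIRED_PAGE = "/passwordExpired.jsp";
    /** Hypothetical lookup of when the user last changed the password. */
    public interface PasswordDates { Date lastChanged(String user); }
    private PasswordDates dates;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: a context listener stored the lookup in the ServletContext.
        dates = (PasswordDates) cfg.getServletContext().getAttribute("passwordDates");
        if (dates == null) throw new ServletException("passwordDates not configured");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String user = req.getRemoteUser();      // null until the container authenticates
        String path = req.getServletPath();
        if (user == null || CHANGE_PAGE.equals(path) || EXPIRED_PAGE.equals(path)) {
            chain.doFilter(rq, rs);             // nothing to check, or avoid a redirect loop
            return;
        }
        Date changed = dates.lastChanged(user);
        // Fail closed: an unknown change date is treated as expired.
        long ageDays = changed == null ? Long.MAX_VALUE
                : (System.currentTimeMillis() - changed.getTime()) / 86400000L;
        HttpSession s = req.getSession(false);
        if (ageDays >= MAX_AGE_DAYS) {
            if (s != null) s.invalidate();      // drop the authenticated session
            res.sendRedirect(req.getContextPath() + EXPIRED_PAGE);
        } else if (ageDays >= MAX_AGE_DAYS - WARN_DAYS
                && (s == null || s.getAttribute("pwWarned") == null)) {
            req.getSession().setAttribute("pwWarned", Boolean.TRUE); // warn once per session
            res.sendRedirect(req.getContextPath() + CHANGE_PAGE);
        } else {
            chain.doFilter(rq, rs);
        }
    }
    public void destroy() { }
}
```

Because the filter is mapped in each application's own web.xml, each web app can apply a different policy without changing the container's authenticator.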
