On Sun, 11 Mar 2001, Vladimir Grishchenko wrote:

> Hi,
> 
> Just wondering if it's possible to get built-in form based authentication to
> work without the user actually trying to access a protected resource? I want to
> have a login box on the first page  that users can use to authenticate
> themselves at my web-site.

"Authenticate on first access to a protected resource" is exactly what the
servlet spec requires.  This is true for BASIC authentication as well --
it is not specific to form based.

> As you can guess simply specifying "j_security_check"
> as form's action won't work. So, is there any way to accomplish this just using
> Servlet 2.2 specified form based auth. mechanism or I need to resort to some
> sort of custom security/session checker servlet??? Briefly looked through the
> mailing list archives and couldn't find any info.
>

A couple of choices to consider:

* Protect your entire web app with a security constraint that has
  a "/*" URL pattern (NOTE - there is a bug in Tomcat 3.2.1 that
  prevents this from working because the form login page would be
  inside the protected area).

* Have the link on your home page exactly as you describe, but have
  the link point at a "Welcome To My Application" page inside the
  protected area.  The fact that this page is protected will trigger
  the authentication dialog, and once the user has identified themselves,
  they will be welcomed to your app.  From then on, they will have
  already been authenticated.
 
> Thanks in advance,
> VG.
> 

Craig McClanahan
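
The second option in the reply above, written out as a Servlet 2.2 deployment descriptor. This is an added example, not part of the original message; the `/app/*` path, the page names and the role name `user` are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
  <!-- The public home page (outside /app/) carries an ordinary link to
       /app/welcome.jsp. Requesting that protected page is what makes the
       container present the login form. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected application area</web-resource-name>
      <!-- Hypothetical path. No http-method elements are listed, so the
           constraint covers every HTTP method, not only GET and POST. -->
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require a protected transport (typically SSL) for this area. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Both pages sit outside /app/*, so the constraint does not cover
           the login form itself. The form in login.jsp posts the fields
           j_username and j_password to the action j_security_check. -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```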

