Hi Vladimir,
<snipped for brevity>
> I'm thinking along the same lines... You could also embed a tiny invisible
> image in protected area to your front page (named /welcome, for example)
> and define your login form as /welcome?mode=login, so whenever you're not
> authorized welcome page is smart to display you a login form... The problem
> here is that it's difficult to display a meaningful message that a user needs
> to login whenever (s)he actually tries to get a real protected page since
> it'll always display /welcome?mode=login. Something like that...
On that regards. Whe we developed our own authentication mechanisms, we also took into
account this
specific problem and what we did was the following:
.- The authentication system tries to authorise the user.
.- If it fails, it returns a meaningful error code as no_log_in, wrong_password,
session_timed_out...
.- The system then checks if there's a specific forward page for the error code,
somewhere in the configuration file
(something like forward.page.wrong_password="/check_pass.html")
.- If it exists, it forwards control to the specific page, otherwise it forwards
control
to the default page which would
be the login page.
This way, if you want to return a meaningful message you just have to create an html
file with the proper message
and configure it appropriately. It's not mandatory but in some situations and depending
on the "level of knowledge"
of your users, this is a very useful feature.
Of course, this would imply a more complex authentication system, even though not much,
and it would be something
outside the spec.
Just my 2c,
Dan
> > Haven´t tried it, tell me if it works if you do. And if you got any
> > workaround by the way.
> >
> > I also seem to have read somewhere that you can do what you want using
> > the JDBCRealm. Have you tried anything on that line?
>
> As far as I understand JDBCRealm has little to do with it. It's just a mechanism
> facilitating authentication, you give it [name, password, role] and it tells you
> if you're good to go using a database instead of tomcat-users.xml. that's it.
>
> >
> > Christian Rauh
> >
> > [EMAIL PROTECTED]
> > NewTrade
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
