Daniel Lopez wrote:
>
> Hi Vladimir,
>
> <snipped for brevity>
>
> > I'm thinking along the same lines... You could also embed a tiny invisible
> > image in protected area to your front page (named /welcome, for example)
> > and define your login form as /welcome?mode=login, so whenever you're not
> > authorized welcome page is smart to display you a login form... The problem
> > here is that it's difficult to display a meaningful message that a user needs
> > to login whenever (s)he actually tries to get a real protected page since
> > it'll always display /welcome?mode=login. Something like that...
>
> On that regards. Whe we developed our own authentication mechanisms, we also took
>into
> account this
> specific problem and what we did was the following:
> .- The authentication system tries to authorise the user.
> .- If it fails, it returns a meaningful error code as no_log_in, wrong_password,
> session_timed_out...
> .- The system then checks if there's a specific forward page for the error code,
> somewhere in the configuration file
> (something like forward.page.wrong_password="/check_pass.html")
> .- If it exists, it forwards control to the specific page, otherwise it forwards
>control
> to the default page which would
> be the login page.
> This way, if you want to return a meaningful message you just have to create an html
> file with the proper message
> and configure it appropriately. It's not mandatory but in some situations and
>depending
> on the "level of knowledge"
> of your users, this is a very useful feature.
> Of course, this would imply a more complex authentication system, even though not
>much,
> and it would be something
> outside the spec.
I understand that you can write your own authentication mechanism, but I was looking
into
container based authentication... I think the scope of the original question is
escaping
from this thread
Thanks anyway...
>
> Just my 2c,
> Dan
>
> > > Haven´t tried it, tell me if it works if you do. And if you got any
> > > workaround by the way.
> > >
> > > I also seem to have read somewhere that you can do what you want using
> > > the JDBCRealm. Have you tried anything on that line?
> >
> > As far as I understand JDBCRealm has little to do with it. It's just a mechanism
> > facilitating authentication, you give it [name, password, role] and it tells you
> > if you're good to go using a database instead of tomcat-users.xml. that's it.
> >
> > >
> > > Christian Rauh
> > >
> > > [EMAIL PROTECTED]
> > > NewTrade
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, email: [EMAIL PROTECTED]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
