>From what I gather, you are not using the built-in
forms-based authentication? I'd like to stick with it
for now but will consider other options as I add more
functionality.
--- Jonathan Wilson <[EMAIL PROTECTED]>
wrote:
> There's probably a much better way, but I like the
> fine-grained approach
> I use. Unfortunately(or
> fortunately) it requires *every* page you want
> access controlled to have
> a <jsp:include> tag. The
> included jsp file checks a session variable to
> determine if the user is
> logged in, and whether or
> not their 'role' is sufficient(my app-defined roles,
> not to be confused
> with the role mechanism
> contained within Tomcat itself) to access the
> resource - so the
> jsp:included page either forwards them to login
> page,
> notifies them they don't have the necessary
> priviledges, or lets them
> pass through. For the proper jsp:forward after the
> user successfully logs in (or if s/he already has
> the proper perms) I
> just check a calling parameter which I set from the
> original calling
> page(which is properly URL encoded) and jsp:forward
> the user to that
> resource. You should check for null forwarding
> parameters in case
> the access controlled page doesn't actually set it's
> forward address
> properly(well worth your time). Probably a confusing
> process, but it makes sense to me! ..and it's
> working on a large-scale
> in-house production app - their are performance
> issues I'm sure
> if your considering a super-large deployment.
>
> If anybody has a better/quicker solution I'm
> interested.
>
> --JW
>
>
> footh wrote:
>
> >I have a quick question regarding Tomcat's
> form-based
> >login. I have it working fine for pages that are
> >listed as protected. For ex, if a user hits a
> >protected page, they are redirected to a login
> page,
> >we'll call it "login_required" that says the
> requested
> >resource requires a login. If they fail the login,
> >the error page, we'll call "login_invalid", appears
> >which looks just like the login_required page
> except
> >it says invalid login, please try again. If the
> user
> >logs in correctly on any of these pages, they are
> >redirected to the original protected page. This
> works
> >great.
> >
> >But, the user can explicitly log in by clicking on
> a
> >"log in" link everywhere on the site. I have a an
> >idea of how to do this, but I have a couple of
> >questions regarding this idea.
> >
> >I was going to create a "login_dummy" page, a
> >protected page that is the source of all the
> "login"
> >links throughout the site. When this page is hit,
> the
> >whole forms-based login process will occur. When
> the
> >user finally authenticates, the login_dummy page
> will
> >just redirect them to the home page.
> >
> >The questions I have are 1) I would really like to
> >direct the user to the page they were on when they
> >clicked the "login" link. I can't figure out how
> to
> >do that. And 2) This method requires that I use
> the
> >"login_required" page described above (the form
> >attached to the form-based login) which will
> contain
> >text like "the requested resource requires a login,
> >etc, etc." When they click on a login link, they
> >aren't accessing a protected resource, they are
> just
> >logging in. So, I really need a different login
> page
> >(or just different introductory text). However, I
> >don't know how to differentiate that I'm coming
> from a
> >direct login link.
> >
> >The latter issue isn't a big deal, I could always
> just
> >use a generic login page. Anyway, does anyone have
> >any ideas of how I might be able to implement this?
> >
> >Thanks,
> >
> >JF
> >
> >
> >
> >__________________________________
> >Do you Yahoo!?
> >Check out the new Yahoo! Front Page.
> >www.yahoo.com
> >
> >
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> >
> >
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
