I have form based authentication working. But, I need the login form to be a little more dynamic. For instance, I want to use different forms for different areas and not always use the same form. Is this possible? For instance, under one site I want to limit URLs to different logins. I realize I should just have a login and have a userid and a password, but my customer wants to simply have an access code to certain pages or directories. I would like to use form based authentication then I can have the userid as a hidden variable, and then have a password entered by the user, but for some admin screens I need the user to actually enter the userid and password both....
I hope that makes sense. I can't figure out how to setup a security constraint which can force a particular login form to be used if the user is not logged in yet.
Thanks,
Wade
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Ok,
So I think I should be able to do this with a filter, but I need some help. Basically it looks like I should be able to use a filter to some how get the original target before the authentication form is displayed....is this correct? Basically I need to some how know when a particular URL pattern is being displayed or is attempted to be accessed...before the login form is displayed. When it is displayed I'll set an attribute in the request in the filters doFilter method. However, now I need to know how I can access the Request before the authentication mechanism takes over I suppose because from my login form accessing the getPathInfo() method is returning the login form information when I really need to know the actual path the user was attempting to access. So, can I use a filter to do this, and if so how do I make sure my filter is called in time to give me the information I need?
Thanks,
Wade
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
