Oh - I am not familar with the authentication provided
by Tomcat - I coded my own authentication when people
log into my site.
Hopefully someone else might be able to help out more.
-- Chad
--- [EMAIL PROTECTED] wrote:
>
> I am not validating the form. I'm using the FORM
> authentication provided by
> Tomcat, so Tomcat is validating the form.
> Dave
>
>
>
>
>
> Chad Wray <[EMAIL PROTECTED]> on 08/02/2001 10:32:55
> AM
>
> Please respond to [EMAIL PROTECTED]
>
> To: [EMAIL PROTECTED]
> cc:
>
> Subject: Re: How to hide login pages
>
>
> Are you including mylogin.jsp on every page?
>
> I am a little confused because if you are validating
> a
> form then you can check to see if the form was
> submitted or not.
>
> Can you send a small piece of the code, so we can
> take
> a look.
>
> -- Chad
>
>
> --- [EMAIL PROTECTED] wrote:
> >
> > I thought of this but I don't think this will
> work.
> > Login is a special
> > case. If the user has not yet logged in and they
> > enter a URL to a page (any
> > valid page) the container (Tomcat) automatically
> > returns the login page and
> > then AFTER successful login redirects them to the
> > page. Therefore whether
> > the user enters a valid page or the login page
> > directly, the login page is
> > returned BEFORE any other page in my webapp. I
> never
> > have a chance to
> > create a session object. After successful login I
> > think your suggestion
> > works but I want to catch it before login as well.
> >
> > Or am I missing something here.
> >
> > Thanks,
> > Dave
> >
> >
> >
> >
> >
> > Chad Wray <[EMAIL PROTECTED]> on 08/02/2001
> 09:13:31
> > AM
> >
> > Please respond to [EMAIL PROTECTED]
> >
> > To: [EMAIL PROTECTED]
> > cc:
> >
> > Subject: Re: How to hide login pages
> >
> >
> > This may be a pain to implement if you have lots
> of
> > pages in your website, but it would work. You
> could
> > use a Session variable to hold onto where you are
> in
> > the site. Then if you have a link that calls
> > mylogin.jsp or another page that calls mylogin.jsp
> > just check to see who called the page. So, on
> every
> > page you would need to set the variable to null or
> > some error value and then if the user clicks the
> > login
> > link then you could set the variable to a valid
> > value.
> > You are probably asking how can I set a value
> from
> > a
> > link. Well, have the link call the same page it
> is
> > on
> > and pass a value on the URL and then set the
> Session
> > variable and redirect to mylogin.jsp. Then, on
> > mylogin.jsp check the Session variable and if it
> is
> > valid continue otherwise use javascript to go back
> > one
> > page. This would stop people from typing
> > mylogin.jsp
> > in the Address of the browser.
> >
> > Hope this helps.
> >
> > -- Chad
> >
> >
> > --- [EMAIL PROTECTED] wrote:
> > > I'm using FORM authentication and I would like
> to
> > > hide the login JSP files
> > > so the users don't access them directly. For
> > > example, I don't want the user
> > > to be able to enter the URL
> > > http://myserver/mywebapp/mylogin.jsp since this
> > > will not work (since there is no original url to
> > > redirect them to they get
> > > redirected to j_security_check).
> > >
> > > I've tried putting my login files in WEB-INF but
> > > then when they try to
> > > access a page in my webapp they get file not
> found
> > > error.
> > >
> > > I've tried putting the login files in a secured
> > > directory under my webapp
> > > but this puts the ContextManager in an infinite
> > > loop.
> > >
> > > Any ideas?
> > >
> > > Thanks,
> > > Dave
> > >
> > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Make international calls for as low as $.04/minute
> > with Yahoo! Messenger
> > http://phonecard.yahoo.com/
> >
> >
> >
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
>
>
>
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
