I am not validating the form. I'm using the FORM authentication provided by
Tomcat, so Tomcat is validating the form.
Dave
Chad Wray <[EMAIL PROTECTED]> on 08/02/2001 10:32:55 AM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: How to hide login pages
Are you including mylogin.jsp on every page?
I am a little confused because if you are validating a
form then you can check to see if the form was
submitted or not.
Can you send a small piece of the code, so we can take
a look.
-- Chad
--- [EMAIL PROTECTED] wrote:
>
> I thought of this but I don't think this will work.
> Login is a special
> case. If the user has not yet logged in and they
> enter a URL to a page (any
> valid page) the container (Tomcat) automatically
> returns the login page and
> then AFTER successful login redirects them to the
> page. Therefore whether
> the user enters a valid page or the login page
> directly, the login page is
> returned BEFORE any other page in my webapp. I never
> have a chance to
> create a session object. After successful login I
> think your suggestion
> works but I want to catch it before login as well.
>
> Or am I missing something here.
>
> Thanks,
> Dave
>
>
>
>
>
> Chad Wray <[EMAIL PROTECTED]> on 08/02/2001 09:13:31
> AM
>
> Please respond to [EMAIL PROTECTED]
>
> To: [EMAIL PROTECTED]
> cc:
>
> Subject: Re: How to hide login pages
>
>
> This may be a pain to implement if you have lots of
> pages in your website, but it would work. You could
> use a Session variable to hold onto where you are in
> the site. Then if you have a link that calls
> mylogin.jsp or another page that calls mylogin.jsp
> just check to see who called the page. So, on every
> page you would need to set the variable to null or
> some error value and then if the user clicks the
> login
> link then you could set the variable to a valid
> value.
> You are probably asking how can I set a value from
> a
> link. Well, have the link call the same page it is
> on
> and pass a value on the URL and then set the Session
> variable and redirect to mylogin.jsp. Then, on
> mylogin.jsp check the Session variable and if it is
> valid continue otherwise use javascript to go back
> one
> page. This would stop people from typing
> mylogin.jsp
> in the Address of the browser.
>
> Hope this helps.
>
> -- Chad
>
>
> --- [EMAIL PROTECTED] wrote:
> > I'm using FORM authentication and I would like to
> > hide the login JSP files
> > so the users don't access them directly. For
> > example, I don't want the user
> > to be able to enter the URL
> > http://myserver/mywebapp/mylogin.jsp since this
> > will not work (since there is no original url to
> > redirect them to they get
> > redirected to j_security_check).
> >
> > I've tried putting my login files in WEB-INF but
> > then when they try to
> > access a page in my webapp they get file not found
> > error.
> >
> > I've tried putting the login files in a secured
> > directory under my webapp
> > but this puts the ContextManager in an infinite
> > loop.
> >
> > Any ideas?
> >
> > Thanks,
> > Dave
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
>
>
>
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
