I thought of this but I don't think this will work. Login is a special
case. If the user has not yet logged in and they enter a URL to a page (any
valid page) the container (Tomcat) automatically returns the login page and
then AFTER successful login redirects them to the page. Therefore whether
the user enters a valid page or the login page directly, the login page is
returned BEFORE any other page in my webapp. I never have a chance to
create a session object. After successful login I think your suggestion
works but I want to catch it before login as well.
Or am I missing something here.
Thanks,
Dave
Chad Wray <[EMAIL PROTECTED]> on 08/02/2001 09:13:31 AM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: How to hide login pages
This may be a pain to implement if you have lots of
pages in your website, but it would work. You could
use a Session variable to hold onto where you are in
the site. Then if you have a link that calls
mylogin.jsp or another page that calls mylogin.jsp
just check to see who called the page. So, on every
page you would need to set the variable to null or
some error value and then if the user clicks the login
link then you could set the variable to a valid value.
You are probably asking how can I set a value from a
link. Well, have the link call the same page it is on
and pass a value on the URL and then set the Session
variable and redirect to mylogin.jsp. Then, on
mylogin.jsp check the Session variable and if it is
valid continue otherwise use javascript to go back one
page. This would stop people from typing mylogin.jsp
in the Address of the browser.
Hope this helps.
-- Chad
--- [EMAIL PROTECTED] wrote:
> I'm using FORM authentication and I would like to
> hide the login JSP files
> so the users don't access them directly. For
> example, I don't want the user
> to be able to enter the URL
> http://myserver/mywebapp/mylogin.jsp since this
> will not work (since there is no original url to
> redirect them to they get
> redirected to j_security_check).
>
> I've tried putting my login files in WEB-INF but
> then when they try to
> access a page in my webapp they get file not found
> error.
>
> I've tried putting the login files in a secured
> directory under my webapp
> but this puts the ContextManager in an infinite
> loop.
>
> Any ideas?
>
> Thanks,
> Dave
>
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
