Renato, I have done my own form based logon with ASP, and I suppose you could do the same with JSP. It is not really that difficult in that you just use session variables to do it. Unfortunatly you must have code in each page that checks these session variables and then redirects the page if the session varialbles are not valid. I tipically show an error page with a link to the login page, but that is up to you. The main reason I did it this way is because I had a web application that had multiple security levels. To keep from having to have multiple versions of the same web page I would just change my sql querries and/or display based on the user security level.
With JSP you could also use servlets, custom tags or beans to do this also. I have just started programming with JSP so I am not sure how to do it without "scripting" like in ASP. It would be pretty cool to be able to use custom tags in a page to display things based on session variables. =) As far as instructing users not to access the login page - It was not a problem on my site but Tomcat 4.0 does not like it at all ... which might be technically correct, but may not be practical. Users will do anything (and everything) to screew-up your application, heck some do it just to piss you off. It would be nice to find a work-arround for this (user induced) problem in Tomcat 4.0. Barry ----- Original Message ----- From: "Renato Romano" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, November 22, 2001 6:09 AM Subject: R: Catalina Authentication PLS Help !! > I found something, but the proposed solution is "Instruct users not to > access the login page" !!! > Of course that's not good for me... consider, for example, that my login > page could be my HOME page !! > I know there is no portable solution, but one for Tomcat (4) would be ok, if > any... > Thanks > Renato > > -----Messaggio originale----- > Da: Barry White [mailto:[EMAIL PROTECTED]] > Inviato: mercoled� 21 novembre 2001 19.26 > A: Tomcat Users List; [EMAIL PROTECTED] > Oggetto: Re: Catalina Authentication PLS Help !! > > > I remember some discussion about this subject. Have you searched the > achives? > > ----- Original Message ----- > From: "Renato Romano" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Wednesday, November 21, 2001 12:11 PM > Subject: Catalina Authentication PLS Help !! > > > > Hi, > > I succesfully configured my webapp for login authentication, but I get > > a "Page not Found" Error, when a user access DIRECTLY the login page, > > (and not a protected area!!) and correctly gives his username and > > password. Probably Tomcat simply doesn't know WHERE to forward the > > user, because he didn't request a protected page!! > > When using Tomcat 3.2 I solved this by looking at the > > "tomcat.auth.originalLocation" parameter in the session object, and > > then defining a "default" value for this attribute when it was not > > set. > > How to do this with Tomcat 4 ?? > > Thanks. > > Renato > > > > > > -- > > To unsubscribe: <mailto:[EMAIL PROTECTED]> > > For additional commands: <mailto:[EMAIL PROTECTED]> > > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
