Just one idea: Define two jsp's:
/public/jsp/foowrapper.jsp /member/jsp/foowrapper.jsp Both JSP' contain just an include to /jsp/foo.jsp Let the login link point to the /member/jsp/foowrapper.jsp Let /member/jsp/foowrapper.jsp be protected by tomcat. > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] > Gesendet: Mittwoch, 19. Dezember 2001 23:19 > An: [EMAIL PROTECTED] > Betreff: Contrary Login Use Case > > > In the standard use case for declarative security: > > 1. The user accesses a page > 2. Tomcat uses web.xml-based Security Constraints and > session data about > authenticated users to determine whether to fulfill the > request or redirect > to a login or error page. > > This is good. But let's say a business analyst decides that > in her webapp, > every user should see page Foo without logging in. In > addition a button > shall be provided in Foo so that the lowly unauthenticated user can be > authorized to see the page in its full glory, with all the > superuser bells > and whistles. (An example could be how Jive Forums work out > of the box.) > > In this case, say we are starting at Page A, clicking on a > link to some > login servlet/jsp, and after authenticating, refreshing Page > A. This seems > to me like an awkward case for declarative security, but I > don't expect > sympathy from this hypothetical business analyst. So has > anyone advice for > how to do this? TIA. > > > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
