On Thu, 31 Oct 2002, Jan Agermose wrote:
> Date: Thu, 31 Oct 2002 17:15:08 +0100 > From: Jan Agermose <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: 'Tomcat Users tomcat <[EMAIL PROTECTED]> > Subject: Form auth > > I would like to use formbased auth for my application, but it seams, that it is >based on > 1. user trying to access som resource > 2. if not logged in - prompt That's correct. From the user point of view, it operates exactly like BASIC authentication does (where the browser pops up the login dialog the first time you ask for a protected resource). > > This is of cause good. But usualy you have a webpage that has a > login-form somewhere on the page to allow the user to log in at will. > Log in -before- a secured page is requested. How can I implement this? I > find only methods to getRemoteUser and isInRole and... no setRemoteUser > or the like... > You won't be able to have the login form itself on the unsecured page, but you can easily provide a "Log In" button (say, on your home page) like this: * Make the log in button link to a resource in a protected directory * Make that resource just do a redirect back to the home page When the user clicks the log in button, the form based login page gets displayed (because the resource is protected). After login is complete, Tomcat then executes the protected resource, which redirects back to the home page with the user being logged on already. > Am I making sense :-) > > Jan Craig -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
