One way to do this is to create a filter for the protected resources. When accessing them, the filter gets invoked. It checks on the session wheter the user has already logged in or not. If not, it redirects to the login page which in turn redirects to the protected resouce. What do you guys think about this approach???
Jose Alfonso On Thu, Oct 31, 2002 at 10:19:16AM -0800, Craig R. McClanahan wrote: > > > On Thu, 31 Oct 2002, Jan Agermose wrote: > > > Date: Thu, 31 Oct 2002 17:15:08 +0100 > > From: Jan Agermose <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: 'Tomcat Users tomcat <[EMAIL PROTECTED]> > > Subject: Form auth > > > > I would like to use formbased auth for my application, but it seams, that it is >based on > > 1. user trying to access som resource > > 2. if not logged in - prompt > > That's correct. From the user point of view, it operates exactly like > BASIC authentication does (where the browser pops up the login dialog the > first time you ask for a protected resource). > > > > > This is of cause good. But usualy you have a webpage that has a > > login-form somewhere on the page to allow the user to log in at will. > > Log in -before- a secured page is requested. How can I implement this? I > > find only methods to getRemoteUser and isInRole and... no setRemoteUser > > or the like... > > > > You won't be able to have the login form itself on the unsecured page, but > you can easily provide a "Log In" button (say, on your home page) like > this: > > * Make the log in button link to a resource in a protected directory > > * Make that resource just do a redirect back to the home page > > When the user clicks the log in button, the form based login page gets > displayed (because the resource is protected). After login is complete, > Tomcat then executes the protected resource, which redirects back to the > home page with the user being logged on already. > > > Am I making sense :-) > > > > Jan > > Craig > > > > -- > To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org> > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
