I want to have a synchronization between the authentication stuff. Like, I have a web site, and every user has some role, and every user can access some protected resource based on his role. Now I want to use JDBC realm for this purpose with Form auth. so that user logs into the site only once and use it according to his access rights, instead he requests for a protected resource and then he goes to login page. You see, its quite logical that user should have a leverage to go to login page first or to access a protected resource. If things work for him in latter case why not in former?
I believe there must be some thing to do it, after all tomcat's default admin site is doing the same thing.
It doesn't! The link to the admin app is /admin/index.jsp - this is a protected resource, so the user is redirected to the login page /admin/login.jsp. Once authenticated, he then sees the page he originally requested.
The problem is that if you enter /admin/login.jsp directly, you get an error when you submit the form. So, the general problem is that it is not possible to bookmark the login page, unless there is a subtle work-around that I haven't come across.
However, if a user bookmarks a protected resource (or is given a url to a protected resource), he will be asked to login the first time he accesses that page in a session. Thereafter, he can navigate directly to any page which matches (one of) his assigned role(s).
HTH Martin
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
