Hello Haim,
This document directly speaks to your question:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
It describes how to weave in a database or other dynamic data store into the
Tomcat security API that the Click default example is using.
Best
Ari
On Tue, Mar 1, 2011 at 5:37 AM, Bob Schellink <[email protected]> wrote:
> Hi,
>
> Click is built on top of Java Servlet API so that doco assumes familiarity
> with Servlet security.
>
> If you are not familiar with Java Servlet Security you will find many books
> or articles describing
> the standard. Also note that the standard is quite loose on the
> implementation and each container is
> free to provide it's own implementation. So if you use Tomcat you should
> see the Tomcat doco, same
> for JBoss etc. Many people opt to use an alternative security to the
> standard such as Spring
> Security or Apache Shiro.
>
> Hope this helps.
>
> Bob
>
> On 2011/03/01 00:06 AM, Haim Schindler wrote:
> > Hi,
> >
> > I have read:
> >
> >
> http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#security
> >
> > but beside the definitions in web.xml file, I could not figure out how
> the logic of authentication
> > works.
> > where is the logic that works against the database ?
> > where and how are the users & passwords are stored ?
> > who is handling the POST request from the login form ?
> >
> > Haim
> >
> >
> > On Sun, Feb 20, 2011 at 11:37 PM, Bob Schellink <[email protected]<mailto:
> [email protected]>> wrote:
> >
> > Hi,
> >
> > The scenario you describe is pretty much how Servlet security
> works[1]. You can also use these
> > alternatives[2].
> >
> > Bob
> >
> > [1]:
> http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#security
> > [2]:
> >
> http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#alternatve-security-solutions
> >
> > On 2011/02/20 17:17 PM, Haim Schindler wrote:
> > > Hello,
> > >
> > > What is the right way in click to redirect to a desired page after
> successful login?
> > >
> > > *here is the scenario:*
> > >
> > > user type in the browser url:
> > >
> > > *www.site.com/page1000.htm <http://www.site.com/page1000.htm> <
> http://www.site.com/page1000.htm>*
> > >
> > > but user is NOT login so he was redirected to
> > >
> > > *www.site.com/login.htm <http://www.site.com/login.htm> <
> http://www.site.com/login.htm>*
> > >
> > > after successful login I want the user to be automatically
> redirected to
> > >
> > > *www.site.com/page1000.htm <http://www.site.com/page1000.htm>
> > <http://www.site.com/page1000.htm> * (the original url that the
> user wanted)
> > >
> > > (now what I do is a bit tedios, I keep this information the the url
> to login.htm?.... and then
> > I use
> > > hidden fields in the login form so that info goes to login process
> after post....)
> > >
> >
> >
>
>
