Hello Craig: Using Shale, could you show how to code simple container-managed login form with j_username, j_password, and j_security_check and shed some light on the following attempt.
Specifically, i am attempting to use simple tomcat 5.5.9 SingleSignOn to dynamically switching between SSL application and non-SSL application under the same host: 1) Non-SSL application: 1.1) For protected resources, using roles but, not under SSL the app will check user SSO cookie. If not existed, it direct user to SSL logon. If the cookie existed, SingleSignOn will take care of the role protection. 1.2) For using SSL resources such as login, editProfile using Shale Dialog, etc, it will put a cookie having user current requested page for the SSL application to return to the non-SSL protocol. 2) SSL application: Get the user remote page for switching back to HTTP after the SSL session. All resources will be protected by SSL and roles. Behind both applications is tomcat JDBCRealm, for now, to a single data source. P.S: I tried RequestDispatcher using Shale preprocess command to direct all pages not under the SSL secure directory, and let tomcat handle SSL-protected pages. But this does not solve the problem that once the user is connected using SSL, the SSL connection stays on with non-ssl pages. Is there any simpler and/or better approach? JOSSO is the next level up that i do not have resource for now. Besides, i want to use Shale for both non-SSL and SSL applications. Thanks. BaTien DBGROUPS --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]