Hello Craig:

Using Shale, could you show how to code simple container-managed login
form with j_username, j_password, and j_security_check and shed some
light on the following attempt.

Specifically, i am attempting to use simple tomcat 5.5.9 SingleSignOn to
dynamically switching between SSL application and non-SSL application
under the same host:

1) Non-SSL application:
   1.1) For protected resources, using roles but, not under SSL the app
will check user SSO cookie. If not existed, it direct user to SSL logon.
If the cookie existed, SingleSignOn will take care of the role
protection.
   1.2) For using SSL resources such as login, editProfile using Shale
Dialog, etc, it will put a cookie having user current requested page for
the SSL application to return to the non-SSL protocol.

2) SSL application: Get the user remote page for switching back to HTTP
after the SSL session. All resources will be protected by SSL and roles.

Behind both applications is tomcat JDBCRealm, for now, to a single data
source.

P.S: I tried RequestDispatcher using Shale preprocess command to direct
all pages not under the SSL secure directory, and let tomcat handle
SSL-protected pages. But this does not solve the problem that once the
user is connected using SSL, the SSL connection stays on with non-ssl
pages. Is there any simpler and/or better approach? JOSSO is the next
level up that i do not have resource for now. Besides, i want to use
Shale for both non-SSL and SSL applications.

Thanks.

BaTien
DBGROUPS



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to