Daniel Henrique Alves Lima wrote:
Hi, Steve and Chris.
Steve, can you use AJAX to request a protected resource and to provide
username/password to your real login page (configured at web.xml) or
directly to j_security_check ?
I don't know if this will work (and if this is what you have in mind),
but:
1. Design your "unprotected" pages at your will (including a small
login box);
2. When user fills the form in your small login box,
- Send a JS XmlHttpRequest (AJAX) to a protected resource (for
instance protected_resource.jsp);
It seems to me that you can skip the above step, no ?
And do the following one immediately.
- Send a JS XmlHttoRequest to your real login page (login.jsp)
or to
j_security_check passing j_username and j_password
as parameters.
extracted from your
small login page (you can detect if login has failed or not using the
response of XmlHttpRequest) ;
- If is all right, reload the page or load any other resource
that you
want.
I think the problem is here (but probably solvable) :
In return to a successful login by the XmlHttpRequest, the server sends
back a page, along with a "set-cookie" header, or with embedded
";jsessionid=.." parameters. This response page is received by the
XmlHttpRequest handler. This does not automatically (I think) mean that
the browser (as a whole) knows about it, nor that any next outgoing
request is going to magically include the jsessionid.
I believe there is more work to do here..
;-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org