struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <>
Subject Re: [Kina-OT] Declarative Security form question
Date Sat, 08 May 2004 00:37:39 GMT
Joe Hertz wrote:

>I'm trying to use declarative security in my struts app, but it's not
>really a struts-specific problem.
>It works great when someone goes to a protected page. They get
>redirected to the "login page".
>But what if I want to include a login form on any or every other page? 
>If I provide something more or less identical to the login page's form
>in a tile that goes on the top of every page, when the user
>"successfully" submits it, an HTTP 400 error is returned- Invalid direct
>reference to form login page.
>I see a number of ways around this, but not give me the behavior I was
>hoping to implement. I want the user to be able to login on any page
>that doesn't necessarily require a login, and upon doing so, get sent
>back to that same page.
>Is Declarative Security not meant for me??
If you want a real login form on every page, it's probably not.  The 
"j_security_check" URL is only enabled when the container is in the 
middle of the form based login transaction.

An alternative would be to consider having a login *link* instead, which 
points at a protected resource (and therefore forces login if 
necessary).  This resource would then just forward back to the main menu 
or something like that.


>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message