tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arieh Markel <Arieh.Mar...@Central.Sun.COM>
Subject Re: login-config handling
Date Fri, 11 Feb 2000 00:38:44 GMT

> Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
> X-No-Archive: yes
> list-help: <mailto:tomcat-dev-help@jakarta.apache.org>
> list-unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> list-post: <mailto:tomcat-dev@jakarta.apache.org>
> Delivered-To: mailing list tomcat-dev@jakarta.apache.org
> From: Arieh Markel <Arieh.Markel@central.sun.com>
> Subject: login-config handling (was Re: Help with Interceptors)
> To: tomcat-dev@jakarta.apache.org
> Content-MD5: S8yVZXVYOemx/Hn5QbkFzw==
> 

> I am willing to help get this implemented.
> 
> A question that rises is the following:
> 
>   In my application, I define two contexts, each one with their respective
>   web-app:
>   
>   	default		which is the "console" context
>   	services	which are things that plug in to the console
>   	
>   The default context is composed of several servlets that provide what
>   constitutes 'console' functionality (navigation, log viewer, alarms,
>   'service launching').
>   
>   The 'launch' servlet serves as a registrar of servlets on the 'services'
>   context. In essence I am doing dynamic incorporation of servlets into the
>   engine.
> 
>   The separation allows me to segregate the static portion from the
>   dynamic portion.
>   
>   I would like that the same 'form-login-page' apply to both contexts.
>   
>     
> 
> Inspection of the spec (2.2) indicates that the form-login-page is
> the
> 
> 	"location in the web app where the page that can be used for
> 	login can be found"
> 	
> 	
> This appears not to address my need, since I would like to be able to have
> the same login page for multiple web apps.
> 
> --
> 
> With regards to helping in the implementation, I need some guidance as to
> the context on which the checking of prior access to the login-page has
> been done.
> 
> What are the ideas of implementing this ?
> 
> --
> 
> Some of what I have in mind deal with checking HttpSession information.
> 
> In our implementation, I wanted to be able to handle the case of users
> that do not accept cookies. I maintain a session-id keyed- Hashtable that
> maintains valid sessions.
> 
> Session (in)existence is the determining factor for redirecting to the
> login-page.
> 
> --
> 
> So in general, the default login page needs to be set whenever a URL access
> that does not find a session (or a cookie) is detected.
> 
> --
> 
> With regards to the handling of the login information, I presume that the
> code to support that needs to be in WebXmlInterceptor, right ?
> 
> Along the lines of adding a:
> 
> 	private void processLoginConfig ()
> 	
> method.
> 
> The second part, as I see from the code could be in the context of
> the ServletWrapper invocation and the subsequent RequestImpl setting of
> the session.

Also, I see that the Context class does not have a placeholder for the
LoginConfiguration information.

So, it will need to be added as well.

Arieh

> 
> --
> 
> Am I off in my assumption that login-page verification equates session
> establishment ?
> 
> (That is at least how we treat it in our application).
> 
> --
> Arieh
> --
>  Arieh Markel		                Sun Microsystems Inc.
>  Network Storage                        500 Eldorado Blvd. MS UBRM11-194
>  e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
>  Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
>  (e-mail me with subject SEND PUBLIC KEY to get public key)
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

--
 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)


Mime
View raw message