tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "glaive" <>
Subject declarative / programmatic security hybrid ... ?
Date Mon, 02 Apr 2001 05:54:29 GMT

The current servlet specification describes an implementation of FORM based authentication
that simulates HTTP digest authentication.  I'm designing an application using Tomcat, and
I'd really like to use the container managed security, but I'd also like a more traditional
user experience...

I'd like to be able to have a login form that contains (perhaps in a hidden element) the url
of the next page to be viewed.  I would like the form to post to a servlet much like j_security_check,
and have the container authenticate the user, and then pass them to the next page.  Yet, I'd
still like the user to get tossed to a different login page if they tried to access the secure
resource directly... How plausable do you think this is?  What are my options?  Would it be
possible to write a servlet similar to the j_security_check, only have it pass the next page
to be viewed based on data it recieves in the HTTP Request?

Any help or suggestions that you can afford me are well appreciated.

~Norm Rupp

View raw message