tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: getting a jsp file to always be executed on form-based authentification
Date Mon, 18 Dec 2000 18:52:38 GMT
Joakim Verona wrote:

> hello,
> i would like a certain jsp file to always be executed when form based auth succeeds,
regardless of which
> resource we are trying to get at, something like an event-handler for the auth event.
> i cant really find a provission for such a function, other than having some session variable
> to check against, and including the same piece of code in every page.
> This is doable, but is there any more elegant solution?

Doing this goes quite a lot against the intent of what form-based authentication is all about.

Have you ever gone to a website with a protected area, where it popped up the username/password
dialog box?
(In other words, you were using BASIC authentication).  What happens is that you type in your
username/password and then you are sent to whatever page you originally requested.

Form based login is supposed to work exactly like that.  The first time you try to access
a page that is
protected by a security constraint, the servlet container will save your original request
and present the
login page to you.  Then, when you are successfully authenticated, your *originally* requested
page is

You will be able to tell whether the user is authenticated or not by checking the values returned
request.getRemoteUser() and request.getUserPrincipal().

> I will need to make my own security interceptor at some stage. Should I take care of
this need in
> the interceptor?
> --
> Joakim Verona

Craig McClanahan

View raw message