Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 53447 invoked from network); 12 Feb 2001 17:30:30 -0000 Received: from web11604.mail.yahoo.com (216.136.172.56) by h31.sny.collab.net with SMTP; 12 Feb 2001 17:30:30 -0000 Message-ID: <20010212173033.26967.qmail@web11604.mail.yahoo.com> Received: from [62.180.31.3] by web11604.mail.yahoo.com; Mon, 12 Feb 2001 09:30:33 PST Date: Mon, 12 Feb 2001 09:30:33 -0800 (PST) From: Drasko Kokic Subject: RequestIntercepter, Authentication & Login Form To: tomcat-user@jakarta.apache.org, cpita@tycdigital.com In-Reply-To: <02c001c092c6$81da2130$2f0d11ac@hqp2w2kdtpn2> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Hi again, I have finished an implementation of the SingleLogin infrastructure protecting the whole heterogene multi site portal using RequestIntercepters and Servlet API 2.2 container based security. There are still two issues I would like to understand better: 1. The URI to the login page is specified relative to the container. Why are we not able to configure this page with an absolute URL so that another host could be used as an authentication site?! 2. The authorise methode of the RequestIntercepter is being invoked for both protected pages as well as after submiting the username and password on the login page. I would need to do two different things depending from where the call comes (eg. check username/password if from login otherwise check cookie). How can I detect in the authorise methode if the methode is being invoked after submiting username/password on the login page?! TIA Drasko __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/