tomcat-users mailing list archives

From "Aniket B Sutaria" <aniketsuta...@rediffmail.com>
Subject Re: Re: Form auth
Date Fri, 01 Nov 2002 15:51:27 GMT
Jan,

Seems you have the same mentality as I have!

To solve your problem, download the "SECURITY FILTER" project from
http://securityfilter.sourceforge.net/

This project implements a security filter and allows the user to 
log in at his/her will.

Also mail me if you are using JDBC realm for authentication.

Aniket

On Fri, 01 Nov 2002 Jan Agermose wrote:
>I'm used to working in a different way - not using declarative security. Might
>be the real problem :-) It seems that this declarative security thing is
>good for resources that are always protected or not. My pages are mostly
>partly secured in that all users can access some page but some items on the
>page are displayed only if the user is logged in. Or a page that is
>displayed in a context. In one context it is OK to see the page and
>depending on some parameter (the context) it might not be OK. Runtime
>checked security. I really need to have the user log in at will, not forced -
>but also forced, of course. This idea of a button and a fake-secured-page
>that forces a login prompt. I really want a login form on the front page. I
>don't want the user to have to click a button only to get to the login screen
>and submit that one. I cannot change a design just because of a "design flaw"
>in the backend code ;-) It really should be possible to submit login
>information of free will.
>
>Also, what you described below seems to be exactly what is already
>implemented in the form auth method?
>
>Jan
>
>
>----- Original Message -----
> From: "Alfonso Martinez" <trilock@linuxcenter.com.mx>
>To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>Sent: Friday, November 01, 2002 6:00 AM
>Subject: Re: Form auth
>
>
> > One way to do this is to create a filter for the protected resources. When
> > accessing them, the filter gets invoked. It checks on the session whether the
> > user has already logged in or not. If not, it redirects to the login page,
> > which in turn redirects to the protected resource. What do you guys think
> > about this approach???
> >
> > Jose Alfonso
> >
> > On Thu, Oct 31, 2002 at 10:19:16AM -0800, Craig R. McClanahan wrote:
> > >
> > >
> > > On Thu, 31 Oct 2002, Jan Agermose wrote:
> > >
> > > > Date: Thu, 31 Oct 2002 17:15:08 +0100
> > > > From: Jan Agermose <jan@agermose.dk>
> > > > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > > > To: 'Tomcat Users tomcat <tomcat-user@jakarta.apache.org>
> > > > Subject: Form auth
> > > >
> > > > I would like to use form-based auth for my application, but it seems
> > > > that it is based on
> > > >     1. user trying to access some resource
> > > >     2. if not logged in - prompt
> > >
> > > That's correct.  From the user point of view, it operates exactly like
> > > BASIC authentication does (where the browser pops up the login dialog the
> > > first time you ask for a protected resource).
> > >
> > > >
> > > > This is of course good. But usually you have a webpage that has a
> > > > login-form somewhere on the page to allow the user to log in at will.
> > > > Log in -before- a secured page is requested. How can I implement this? I
> > > > find only methods to getRemoteUser and isInRole and... no setRemoteUser
> > > > or the like...
> > > >
> > >
> > > You won't be able to have the login form itself on the unsecured page, but
> > > you can easily provide a "Log In" button (say, on your home page) like
> > > this:
> > >
> > > * Make the log in button link to a resource in a protected directory
> > >
> > > * Make that resource just do a redirect back to the home page
> > >
> > > When the user clicks the log in button, the form based login page gets
> > > displayed (because the resource is protected).  After login is complete,
> > > Tomcat then executes the protected resource, which redirects back to the
> > > home page with the user being logged on already.
> > >
> > > > Am I making sense :-)
> > > >
> > > > Jan
> > >
> > > Craig
> > >


Aniket Sutaria
Developer
Fortune Infotech Ltd
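
The session-check filter Jose Alfonso describes in the quoted thread, sketched as an added example (not code from the thread or from the SecurityFilter project). The attribute names, the `loginPage` init parameter and the `/login.jsp` default are assumptions; the login handler, which must sit outside this filter's URL mapping, is expected to set `app.user` on success and then redirect to the stored `app.returnTo`.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LoginCheckFilter implements Filter {
    // Hypothetical session attribute names, shared with the login handler.
    static final String USER_ATTR = "app.user";
    static final String RETURN_ATTR = "app.returnTo";
    private String loginPage;

    public void init(FilterConfig cfg) {
        // Context-relative login page; "/login.jsp" is an assumed default.
        String p = cfg.getInitParameter("loginPage");
        loginPage = (p != null) ? p : "/login.jsp";
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false): do not create a session just to look for a login.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            chain.doFilter(rq, rs);   // already logged in, let the request through
            return;
        }
        // Remember where the user was going, as a context-relative path built
        // from the request itself (never from a client-supplied URL parameter).
        // Only GETs are remembered; a POST body cannot be replayed by a redirect.
        if ("GET".equals(req.getMethod())) {
            String target = req.getServletPath();
            if (req.getPathInfo() != null) target += req.getPathInfo();
            if (req.getQueryString() != null) target += "?" + req.getQueryString();
            req.getSession(true).setAttribute(RETURN_ATTR, target);
        }
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + loginPage));
    }

    public void destroy() { }
}
```

Because the return target is kept in the session as a context-relative path, the post-login redirect cannot be pointed at another site. `getRemoteUser()` and `isInRole()` do not reflect a login recorded this way unless the request is wrapped.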
