tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Jacobson <marti...@libero.it>
Subject Re: Tomcat: j_security_check: Form Authentication
Date Fri, 11 Jul 2003 07:38:34 GMT
Muhammad Bilal wrote:
> I want to have a synchronization between the authentication stuff. Like, 
> I have a web site, and every user has some role, and every user can 
> access some protected resource based on his role. Now I want to use JDBC 
> realm for this purpose with Form auth. so that user logs into the site 
> only once and use it according to his access rights, instead he requests 
> for a protected resource and then he goes to login page. You see, its 
> quite logical that user should have a leverage to go to login page first 
> or to access a protected resource. If things work for him in latter case 
> why not in former?
> 
> I believe there must be some thing to do it, after all tomcat's default 
> admin site is doing the same thing.
> 

It doesn't! The link to the admin app is /admin/index.jsp - this is a 
protected resource, so the user is redirected to the login page 
/admin/login.jsp. Once authenticated, he then sees the page he 
originally requested.
The problem is that if you enter /admin/login.jsp directly, you get an 
error when you submit the form. So, the general problem is that it is 
not possible to bookmark the login page, unless there is a subtle 
work-around that I haven't come across.

However, if a user bookmarks a protected resource (or is given a url to 
a protected resource), he will be asked to login the first time he 
accesses that page in a session. Thereafter, he can navigate directly to 
any page which matches (one of) his assigned role(s).

HTH
Martin


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message