tomcat-users mailing list archives

From Jose Alfonso Martinez <tril...@linuxcenter.com.mx>
Subject Re: form-based login / cookies disabled / JSPs in WEB-INF
Date Sun, 28 Sep 2003 16:09:53 GMT
Adam,

I am having the same issue as you and haven't come up with any workaround yet...

However, on my site, the login form could be an HTML file because I don't need to maintain a session
until the user has logged in.

Do you really need to maintain a session, even when the user is just browsing static HTML
files (before logging in)? If the answer is no, then you could have an HTML login form.

Jose

On Sun, Sep 28, 2003 at 05:10:52PM +0200, Adam Hardy wrote:
> I think I have a problem.
> 
> I want form-based container-managed authentication on my app.
> 
> I also want to allow cookies to be disabled.
> 
> And I want to keep my JSPs under WEB-INF for security.
> 
> It seems I cannot have these 3 combined, because disabling cookies means 
> I have to do URL rewriting in the login form action URL, therefore my 
> login form has to be a JSP and cannot be just plain .html.
> 
> But while I do not want any JSPs outside of WEB-INF, I can't configure 
> my login form to be in WEB-INF.
> 
> Is this true, or is there a work-around?
> 
> Thanks
> Adam
> 
> 
> -- 
> struts 1.1 + tomcat 4.1.27 + java 1.4.2
> Linux 2.4.20 RH9
> 