tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: Form Based Authentication - Registration
Date Sat, 14 Feb 2004 14:48:21 GMT
On 02/14/2004 10:31 AM Alexander F. Hartner wrote:
> No we want to add registration and have the following happen
> 1.) Customer requests access to a realm
> 2.) Redirect to login page
> 3.) Customer doesn't have an account yet and accesses registration page
> 4.) Customer registers
> 5.) On successful registration the customer is redirected to the 
> original request
> Now to get this working we need the following, both of which we are not 
> sure are currently provided by the authentication framework.
> -Ability to access the original (SavedRequest) from a JSP / Servlet
> -Ability to "auto/fake" login from within the webapplication

You cannot access the original request if the url is protected by a 
security-constraint and the user has not logged in. Tomcat will always 
jump in first with the CMS login.

To fake it and keep CMS, reduce your real realm to a security constraint 
on one URL and set up a filter to check for the user's status. If not 
logged in, saved the parts of the request you need in the session, and 
redirect the user to the protected page to trigger the container login.

Then after the login succeeds and the user gets through to that 
protected URL, check the session for the info and redirect them to their 
original destination.

You can put a link on the login page to the registration URL - I'm not 
sure about the redirection logic but it should be possible to redirect 
them after registration back to the login page to login, and then on to 
their original destination.


struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message