tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chong Yu Meng <chon...@cymulacrum.net>
Subject Re: How does tomcat redirect from login
Date Sun, 18 Apr 2004 06:37:21 GMT
Hi Jim,

You might want to look at SecurityFilter 
(http://securityfilter.sourceforge.net/). I have a write-up on this on 
my site (http://cymulacrum.net), using JDBC. If you look at the source 
files in the download tarball, you can easily guess how to adapt it for 
your own needs, I think. I'm not an expert on this filter by any means, 
so you'll have to dig around a bit on your own.


Jim Kennedy wrote:

>Actually, I'm stupid here.  j_security_check is not the issue.  It's
>actually deeper in the container.  Not a part of the motor I want to touch.
> 
>
>-----Original Message-----
>From: Jim Kennedy [mailto:jgkennedy@mindspring.com] 
>Sent: Saturday, April 17, 2004 2:08 PM
>To: 'Tomcat Users List'
>Subject: RE: How does tomcat redirect from login
>
>Thanks, I'm surprised there is no way to do this.  Why wouldn't they just
>pop it in the request.  Seems very easy.  I wonder if I could find the
>source for j_security_check and make the appropriate changes.  I don't want
>to reinvent J2ee security. 
>
>-----Original Message-----
>From: Tim Funk [mailto:funkman@joedog.org]
>Sent: Saturday, April 17, 2004 1:44 PM
>To: Tomcat Users List
>Subject: Re: How does tomcat redirect from login
>
>There is no way to do that. Your best alternative is to NOT use
>authentication/authorization via the spec and create some Servlet Filters to
>perform the appropriate authentication and authorization checks. That way,
>the filter can be smart enough to determine you user context and handle it
>approriately.
>
>The upside - is the path is very portable to othre conatiners. The downside
>is you reinvent some of the wheel. Lucky for you  - there are other projects
>on the Internet which use Filters for this very purpose  - so some of your
>work might already be done.
>
>-Tim
>
>Jim Kennedy wrote:
>
>  
>
>> 
>>I am using form based login, which is working fine for me.  I would 
>>like to display different login content (on my login form) based on 
>>the desired intent of the user.  So , if the user wants to go to a 
>>certain section of my site that is secure, I would like to capture the 
>>redirect page (the url of the secure page) before the user logs in.
>>Knowing that URL will allow me to display specific content for that 
>>section.  I have searched the session and the request scopes for 
>>something that looks like a redirect page.  Can't find anything.  Not 
>>even
>>    
>>
>a cookie.
>  
>
>>So, how does tomcat store the intended (redirect) page during the 
>>login process for "form based login".  Where is it stored?  How can I 
>>get
>>    
>>
>it?
>  
>
>>Hope I don't need to hack the source for j_security_check.
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>  
>

-- 
A complex system that works is invariably found to have evolved from a
simple system that works.
+----------------------------------------------------------------+
| Pascal Chong                                                   |
| email: chongym@cymulacrum.net                                  |
|                                                                |
| Please visit my site at : http://cymulacrum.net                |
| If you're using my documentation, please read the Terms and    |
| and Conditions at http://cymulacrum.net/terms.html             |
+----------------------------------------------------------------+



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message