tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anastasios Angelidis <voo...@videotron.ca>
Subject Re: Beyond bassic form authentication?
Date Mon, 26 Jul 2004 14:11:40 GMT
Ok then I think the problem is not understood ;)

My form authentication does work. In fact I scabbed the whole security 
sample :P

Like I noted... When I type  the protected resources URL in the browser 
address bar. Tomcats authentication kicks in and redirects me to the 
login page I specified in my web.xml I type the username and password 
that is stored in mysql and I login. This works fine.

What I want to do is access the protected resource from an unprotected 
resource. For intsance on the welcome page of my web app which everyone 
can see. I want to add a login form which will login the user and give 
him access to the protect resource.

One solution is to just put a "Sign-In" link which will in turn try to 
access the protected resource, but since the visitor is not logged in, 
he will be redirected to the login page.

The other solution which I want is to offer a login page directly on the 
welcome page. Of course I canot just put a form on the welcome page with 
action="<%=request.encodeURL("j_security_check")%>" The browser wouldn't 
know where to post to.



Yiannis Mavroukakis wrote:

><english>
>Anastasie I think what Robert means is you should "steal" some code
>from the existing examples in Tomcat.
></english>
>
><greek>
>Yparxoune epishs kai alloi tropoi pou boreis na to kaneis ayto..boreis
>kalista na exeis authentication mesw tou Apache kai enos module
>pou koitaei gia valid accounts sthn mySQL sou.
></greek>
>
>Happy coding,
>
>Yiannis
>
>-----Original Message-----
>From: Anastasios Angelidis [mailto:voodoo@videotron.ca]
>Sent: 26 July 2004 14:13
>To: Tomcat Users List
>Subject: Re: Beyond bassic form authentication?
>
>
>Does any one have any ideas on this? What is code scabbing?
>
>Thanks
>
>Robert Harper wrote:
>
>  
>
>>Did you try scabbing code from the login.jsp? You may want to use that and the
>>user will gain access to the areas allowed with their group or role.
>>
>>Robert S. Harper
>>801.265.8800 ex. 255
>>
>> 
>>
>>    
>>
>>>-----Original Message-----
>>>From: Anastasios Angelidis [mailto:voodoo@videotron.ca]
>>>Sent: Friday, July 23, 2004 7:37 AM
>>>To: tomcat-user@jakarta.apache.org
>>>Subject: Beyond bassic form authentication?
>>>
>>>So I setup my web app to use Form Authentication with a User Realm in my
>>>MySQL DB. It all works fine. I type the protected resources URL into the
>>>browser, I get redirected to the login page, I login and behold it works! ;)
>>>
>>>Now how would I give access to a secure resource from an unsecure
>>>resource. For instance...
>>>
>>>My webapp has a front page with recent news, welcome message etc...
>>>Standard home page stuff...
>>>Obviously I can put a sign-in link that will try to access the protected
>>>resource, which will then redirect to the login page...
>>>But is there a way to put a login form on the home page directly and
>>>post that form for authentication and from there give access to the
>>>protected resource?
>>>
>>>Thanks
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>   
>>>
>>>      
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>> 
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>________________________________________________________________________
>This e-mail has been scanned for all viruses by Star Internet. The
>service is powered by MessageLabs.
>
>Note:__________________________________________________________________
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please immediately delete it and
>all copies of it from your system, destroy any hard copies of it and
>notify the sender. You must not, directly or indirectly, use, disclose,
>distribute, print, or copy any part of this message if you are not the
>intended recipient. Jaguar Freight Services and any of its subsidiaries
>each reserve the right to monitor all e-mail communications through its
>networks.
>Any views expressed in this message are those of the individual sender,
>except where the message states otherwise and the sender is authorized
>to state them to be the views of any such entity.
>________________________________________________________________________
>This e-mail has been scanned for all viruses by Star Internet. The
>service is powered by MessageLabs.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message