Daniel Henrique Alves Lima wrote:
> Hi, Steve and Chris.
>
> Steve, can you use AJAX to request a protected resource and to provide
> username/password to your real login page (configured at web.xml) or
> directly to j_security_check ?
> I don't know if this will work (and if this is what you have in mind),
> but:
>
> 1. Design your "unprotected" pages at your will (including a small
> login box);
> 2. When user fills the form in your small login box,
> - Send a JS XmlHttpRequest (AJAX) to a protected resource (for
> instance protected_resource.jsp);
It seems to me that you can skip the above step, no ?
And do the following one immediately.
> - Send a JS XmlHttoRequest to your real login page (login.jsp) or to
> j_security_check passing j_username and j_password
as parameters.
extracted from your
> small login page (you can detect if login has failed or not using the
> response of XmlHttpRequest) ;
> - If is all right, reload the page or load any other resource that you
> want.
>
I think the problem is here (but probably solvable) :
In return to a successful login by the XmlHttpRequest, the server sends
back a page, along with a "set-cookie" header, or with embedded
";jsessionid=.." parameters. This response page is received by the
XmlHttpRequest handler. This does not automatically (I think) mean that
the browser (as a whole) knows about it, nor that any next outgoing
request is going to magically include the jsessionid.
I believe there is more work to do here..
;-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|