tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: How do I support a login form embedded in templates
Date Tue, 30 Jun 2009 14:32:16 GMT
Daniel Henrique Alves Lima wrote:
> 	Hi, Steve and Chris.
> 	Steve, can you use AJAX to request a protected resource and to provide
> username/password to your real login page (configured at web.xml) or
> directly to j_security_check ?
> 	I don't know if this will work (and if this is what you have in mind),
> but:
> 	1. Design your "unprotected" pages at your will (including a small
> login box);
> 	2. When user fills the form in your small login box,
> 		- Send a JS XmlHttpRequest (AJAX) to a protected resource (for
> instance protected_resource.jsp);

It seems to me that you can skip the above step, no ?
And do the following one immediately.

> 		- Send a JS XmlHttoRequest to your real login page (login.jsp) or to
> j_security_check passing j_username and j_password 
as parameters.

extracted from your
> small login page (you can detect if login has failed or not using the
> response of XmlHttpRequest) ;
> 		- If is all right, reload the page or load any other resource that you
> want.

I think the problem is here (but probably solvable) :
In return to a successful login by the XmlHttpRequest, the server sends 
back a page, along with a "set-cookie" header, or with embedded 
";jsessionid=.." parameters.  This response page is received by the 
XmlHttpRequest handler.  This does not automatically (I think) mean that 
the browser (as a whole) knows about it, nor that any next outgoing 
request is going to magically include the jsessionid.
I believe there is more work to do here..

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message