tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Using multiple login pages
Date Thu, 06 Oct 2011 00:44:44 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin,

On 10/5/2011 6:50 PM, Martin O'Shea wrote:
> If I understand you correctly, I think I should have this:
> 
> <login-config> <auth-method>FORM</auth-method> 
> <realm-name>Form-Based Authentication Area</realm-name> 
> <form-login-config> <form-login-page>/login</form-login-page> 
> <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
>
> 
</form-login-config>
> </login-config>
> 
> But when called I receive a page not found exception. /login maps
> to a servlet I've been using to test my own logging in outside of 
> j_security_check

It's important to understand that the <form-login-page> is the
resource returned when the user tries to access a protected resource
but is not yet authenticated. The <form-login-page> does *not* perform
any authentication itself. It merely requests credentials from the
user (i.e. it contains a <form> with j_username and j_password fields).

> Should the servlet mapped to /login receive j_username and
> j_password?

No. It should produce a page which contains a login form.

Tomcat will handle the actual processing of j_username/j_password for
you, and then send the user onto the originally-requested page.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6M+fwACgkQ9CaO5/Lv0PCf7QCgiEzUtizqst/nDb0F9qrLeeb8
sbAAn0R85xOID9LtrPCSwIk54uZgssT3
=ssS3
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message