tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Form-based Login question
Date Fri, 02 Dec 2011 02:53:05 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jerry,

On 12/1/11 9:30 PM, Jerry Malcolm wrote:
> I have been using form-based auth for several years.  I understand
> the challenge concept where TC puts up the pre-defined login page
> when the first page requiring auth is requested.  But I have a
> slightly different situation.  I want all of my non-protected pages
> (guest-level) to include the id/pw fields at the top of the page.
> At any time when the user chooses to go to the protected area of
> the site, they enter their id/pw and hit the login button and it
> takes them to a page in the protected area.  Basically, I want to
> bypass the forced login page if the user entered an id/pw unless 
> obviously the auth failed on the provided id/pw.
> 
> Is there a way to 'force' provide credentials under the covers at
> the time the first protected page is requested to get the user
> signed on without the intermediate login form appearing?

The easiest thing to do it to upgrade to Tomcat 7 which supports
servlet spec 3.0. There is a new method in the HttpServletRequest
class called "login" that takes a username and password.

Just take the username and password from the request (in a servlet you
write yourself) and call request.login(). After that, forward (or
redirect) the user wherever you want -- some kind of "you're
logged-in" landing page.

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7YPZEACgkQ9CaO5/Lv0PAldwCfQ7XLKMTDwNtNpgWh7anwNUIo
P5MAnjoAsGuqxmQsv2jeg+C1gvkmLaRK
=Wvqf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message