|
Hello,
The current servlet specification describes an implementation of FORM based
authentication that simulates HTTP digest authentication. I'm designing an
application using Tomcat, and I'd really like to use the container managed
security, but I'd also like a more traditional user experience...
I'd like to be able to have a login form that contains (perhaps in a hidden
element) the url of the next page to be viewed. I would like the form to
post to a servlet much like j_security_check, and have the container
authenticate the user, and then pass them to the next page. Yet, I'd still
like the user to get tossed to a different login page if they tried to access
the secure resource directly... How plausable do you think this is? What
are my options? Would it be possible to write a servlet similar to the
j_security_check, only have it pass the next page to be viewed based on data it
recieves in the HTTP Request?
Any help or suggestions that you can afford me are well appreciated.
~Norm
Rupp |
